Merge pull request #2302 from Gared/create_pad_special_characters

Add check for special url characters to createPad API function
John McLear 2015-04-11 14:56:26 +01:00
commit 5ef22e649b
3 changed files with 36 additions and 6 deletions


@ -388,10 +388,12 @@ Group pads are normal pads, but with the name schema GROUPID$PADNAME. A security
* API >= 1
creates a new (non-group) pad. Note that if you need to create a group Pad, you should call **createGroupPad**.
You get an error message if you use one of the following characters in the padID: "/", "?", "&" or "#".
*Example returns:*
* `{code: 0, message:"ok", data: null}`
* `{code: 1, message:"pad does already exist", data: null}`
* `{code: 1, message:"padID does already exist", data: null}`
* `{code: 1, message:"malformed padID: Remove special characters", data: null}`
#### getRevisionsCount(padID)
* API >= 1


@ -687,12 +687,21 @@ Example returns:
exports.createPad = function(padID, text, callback)
{
//ensure there is no $ in the padID
if(padID && padID.indexOf("$") != -1)
if(padID)
{
callback(new customError("createPad can't create group pads","apierror"));
return;
if(padID.indexOf("$") != -1)
{
callback(new customError("createPad can't create group pads","apierror"));
return;
}
//check for url special characters
else if(padID.match(/(\/|\?|&|#)/))
{
callback(new customError("malformed padID: Remove special characters","apierror"));
return;
}
}
//create pad
getPadSafe(padID, false, text, function(err)
{
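Review bot: The new `padID.match(/(\/|\?|&|#)/)` branch assumes padID is a string, but the outer guard is only `if(padID)`, so a truthy non-string value (an array, for instance, has `indexOf` but no `match`) would throw a TypeError instead of reaching the callback with an apierror. Whether the HTTP layer can hand createPad a non-string is not visible in this hunk and should be confirmed; a guard such as `if(typeof padID !== "string")` ahead of the character checks, calling back with a customError, would close it. The check is also a four-character deny-list, so other URL-significant input such as `%` or whitespace still passes; if pad names are meant to be URL-safe, an allow-list pattern is easier to reason about and to test. createPad's body continues past the end of this hunk.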


@ -2,7 +2,8 @@ var assert = require('assert')
supertest = require(__dirname+'/../../../../src/node_modules/supertest'),
fs = require('fs'),
api = supertest('http://localhost:9001');
path = require('path');
path = require('path'),
async = require(__dirname+'/../../../../src/node_modules/async');
var filePath = path.join(__dirname, '../../../../APIKEY.txt');
@ -80,6 +81,7 @@ describe('Permission', function(){
-> setHTML(padID) -- Should fail on invalid HTML
-> setHTML(padID) *3 -- Should fail on invalid HTML
-> getHTML(padID) -- Should return HTML close to posted HTML
-> createPad -- Tries to create pads with bad url characters
*/
@ -494,6 +496,23 @@ describe('getHTML', function(){
});
})
describe('createPad', function(){
it('errors if pad can be created', function(done) {
var badUrlChars = ["/", "%23", "%3F", "%26"];
async.map(
badUrlChars,
function (badUrlChar, cb) {
api.get(endPoint('createPad')+"&padID="+badUrlChar)
.expect(function(res){
if(res.body.code !== 1) throw new Error("Pad with bad characters was created");
})
.expect('Content-Type', /json/)
.end(cb);
},
done);
});
})
/*
-> movePadForce Test
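Review bot: The assertion in the new createPad test only checks `res.body.code !== 1`, so it passes on any API error rather than on the new character check specifically; the documented "pad does already exist" response also carries code 1. Comparing the message as well, e.g. `if(res.body.message !== "malformed padID: Remove special characters") throw new Error("unexpected response: " + res.body.message);`, would pin the test to the validation under review. The title `'errors if pad can be created'` describes the failure case rather than the expectation, and something like `'rejects padIDs containing url special characters'` reads more clearly. Separately, in the first hunk `path` and `async` appear to be assigned after the `;` that ends the `api = supertest(...)` line, which would make them implicit globals; ending that line with `,` would keep them inside the `var` declaration.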