mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-01-20 06:29:53 +01:00
check the padID with a regular expression
This commit is contained in:
parent
f45b7ce9ea
commit
820c18c7e9
2 changed files with 27 additions and 11 deletions
|
@ -33,6 +33,9 @@ globalPads = [];
|
|||
*/
|
||||
exports.getPad = function(id, callback)
|
||||
{
|
||||
if(!exports.isValidPadId(id))
|
||||
throw new Error(id + " is not a valid padId");
|
||||
|
||||
var pad = globalPads[id];
|
||||
|
||||
//return pad if its already loaded
|
||||
|
@ -69,3 +72,9 @@ exports.doesPadExists = function(padId, callback)
|
|||
callback(err, value != null);
|
||||
});
|
||||
}
|
||||
|
||||
exports.isValidPadId = function(padId)
|
||||
{
|
||||
return /^([0-9]+\$)?[^$]{1,50}$/.test(padId);
|
||||
}
|
||||
|
||||
|
|
|
@ -38,6 +38,7 @@ var exportHandler;
|
|||
var importHandler;
|
||||
var exporthtml;
|
||||
var readOnlyManager;
|
||||
var padManager;
|
||||
|
||||
//try to get the git version
|
||||
var version = "";
|
||||
|
@ -76,6 +77,7 @@ async.waterfall([
|
|||
exportHandler = require('./handler/ExportHandler');
|
||||
importHandler = require('./handler/ImportHandler');
|
||||
apiHandler = require('./handler/APIHandler');
|
||||
padManager = require('./db/PadManager');
|
||||
|
||||
//install logging
|
||||
var httpLogger = log4js.getLogger("http");
|
||||
|
@ -162,7 +164,7 @@ async.waterfall([
|
|||
app.get('/p/:pad', function(req, res, next)
|
||||
{
|
||||
//ensure the padname is valid and the url doesn't end with a /
|
||||
if(!isValidPadname(req.params.pad) || /\/$/.test(req.url))
|
||||
if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url))
|
||||
{
|
||||
next();
|
||||
return;
|
||||
|
@ -177,7 +179,7 @@ async.waterfall([
|
|||
app.get('/p/:pad/timeslider', function(req, res, next)
|
||||
{
|
||||
//ensure the padname is valid and the url doesn't end with a /
|
||||
if(!isValidPadname(req.params.pad) || /\/$/.test(req.url))
|
||||
if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url))
|
||||
{
|
||||
next();
|
||||
return;
|
||||
|
@ -191,6 +193,13 @@ async.waterfall([
|
|||
//serve timeslider.html under /p/$padname/timeslider
|
||||
app.get('/p/:pad/export/:type', function(req, res, next)
|
||||
{
|
||||
//ensure the padname is valid and the url doesn't end with a /
|
||||
if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url))
|
||||
{
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
var types = ["pdf", "doc", "txt", "html", "odt"];
|
||||
//send a 404 if we don't support this filetype
|
||||
if(types.indexOf(req.params.type) == -1)
|
||||
|
@ -213,6 +222,13 @@ async.waterfall([
|
|||
//handle import requests
|
||||
app.post('/p/:pad/import', function(req, res, next)
|
||||
{
|
||||
//ensure the padname is valid and the url doesn't end with a /
|
||||
if(!padManager.isValidPadId(req.params.pad) || /\/$/.test(req.url))
|
||||
{
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
//if abiword is disabled, skip handling this request
|
||||
if(settings.abiword == null)
|
||||
{
|
||||
|
@ -326,12 +342,3 @@ async.waterfall([
|
|||
callback(null);
|
||||
}
|
||||
]);
|
||||
|
||||
function isValidPadname(padname)
|
||||
{
|
||||
//ensure there is no dollar sign in the pad name
|
||||
if(padname.indexOf("$")!=-1)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue