fix: auto-trim trailing slash from paths + illegal chars check during move

7306fabd · NGPixel · 566043ec · 7306fabd
Commit 7306fabd authored Apr 24, 2020 by NGPixel
Show whitespace changes
Inline Side-by-side

Showing with 16 additions and 1 deletion

pages.js server/models/pages.js +16 -1

No files found.
--- a/server/models/pages.js
+++ b/server/models/pages.js
@@ -214,10 +214,15 @@ module.exports = class Page extends Model {
   */
  static async createPage(opts) {
    // -> Validate path
-    if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0) {
+    if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0 || opts.path.index('\\') >= 0) {
      throw new WIKI.Error.PageIllegalPath()
    }
+    // -> Remove trailing slash
+    if (opts.path.endsWidth('/')) {
+      opts.path = opts.path.slice(0, -1)
+    }
    // -> Check for page access
    if (!WIKI.auth.checkAccess(opts.user, ['write:pages'], {
      locale: opts.locale,
@@ -398,6 +403,16 @@ module.exports = class Page extends Model {
      throw new WIKI.Error.PageNotFound()
    }
+    // -> Validate path
+    if (opts.destinationPath.indexOf('.') >= 0 || opts.destinationPath.indexOf(' ') >= 0 || opts.destinationPath.index('\\') >= 0) {
+      throw new WIKI.Error.PageIllegalPath()
+    }
+    // -> Remove trailing slash
+    if (opts.destinationPath.endsWidth('/')) {
+      opts.destinationPath = opts.destinationPath.slice(0, -1)
+    }
    // -> Check for source page access
    if (!WIKI.auth.checkAccess(opts.user, ['manage:pages'], {
      locale: page.localeCode,