mirror of https://github.com/status-im/codimd.git
Fix possible line-ending issues for init note
By uploading a malicous note currently it is possible to prevent this note from being edited. This happens when using Windows line endings. With this commit we remove all `\r` characters from the notes and this way prevent this problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
7c7cc289f2
commit
b7b621822c
|
@ -145,6 +145,8 @@ function responseHackMD (res, note) {
|
|||
|
||||
function newNote (req, res, next) {
|
||||
var owner = null
|
||||
var body = req.body ? req.body : ''
|
||||
body = body.replace(/[\r]/g, '')
|
||||
if (req.isAuthenticated()) {
|
||||
owner = req.user.id
|
||||
} else if (!config.allowAnonymous) {
|
||||
|
@ -153,7 +155,7 @@ function newNote (req, res, next) {
|
|||
models.Note.create({
|
||||
ownerId: owner,
|
||||
alias: req.alias ? req.alias : null,
|
||||
content: req.body ? req.body : ''
|
||||
content: body
|
||||
}).then(function (note) {
|
||||
return res.redirect(config.serverURL + '/' + models.Note.encodeNoteId(note.id))
|
||||
}).catch(function (err) {
|
||||
|
|
Loading…
Reference in New Issue