mirror of https://github.com/status-im/codimd.git
Fix possible line-ending issues for init note
By uploading a malicous note currently it is possible to prevent this note from being edited. This happens when using Windows line endings. With this commit we remove all `\r` characters from the notes and this way prevent this problem. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
7c7cc289f2
commit
b7b621822c
|
@ -145,6 +145,8 @@ function responseHackMD (res, note) {
|
||||||
|
|
||||||
function newNote (req, res, next) {
|
function newNote (req, res, next) {
|
||||||
var owner = null
|
var owner = null
|
||||||
|
var body = req.body ? req.body : ''
|
||||||
|
body = body.replace(/[\r]/g, '')
|
||||||
if (req.isAuthenticated()) {
|
if (req.isAuthenticated()) {
|
||||||
owner = req.user.id
|
owner = req.user.id
|
||||||
} else if (!config.allowAnonymous) {
|
} else if (!config.allowAnonymous) {
|
||||||
|
@ -153,7 +155,7 @@ function newNote (req, res, next) {
|
||||||
models.Note.create({
|
models.Note.create({
|
||||||
ownerId: owner,
|
ownerId: owner,
|
||||||
alias: req.alias ? req.alias : null,
|
alias: req.alias ? req.alias : null,
|
||||||
content: req.body ? req.body : ''
|
content: body
|
||||||
}).then(function (note) {
|
}).then(function (note) {
|
||||||
return res.redirect(config.serverURL + '/' + models.Note.encodeNoteId(note.id))
|
return res.redirect(config.serverURL + '/' + models.Note.encodeNoteId(note.id))
|
||||||
}).catch(function (err) {
|
}).catch(function (err) {
|
||||||
|
|
Loading…
Reference in New Issue