Merge pull request #285 from sharelatex/file-path-checks

add file path check on element names
This commit is contained in:
Henry Oswald 2016-07-22 13:54:05 +01:00 committed by GitHub
commit 8492ea7d28

View file

@ -512,6 +512,11 @@ module.exports = ProjectEntityHandler =
return callback(e) return callback(e)
type = sanitizeTypeOfElement type type = sanitizeTypeOfElement type
if path.resolve("/", element.name) isnt "/#{element.name}" or element.name.match("/")
e = new Error("invalid element name")
logger.err project_id:project._id, folder_id:folder_id, element:element, type:type, "failed trying to insert element as name was invalid"
return callback(e)
if !folder_id? if !folder_id?
folder_id = project.rootFolder[0]._id folder_id = project.rootFolder[0]._id
ProjectEntityHandler._countElements project, (err, count)-> ProjectEntityHandler._countElements project, (err, count)->