Merge pull request #9475 from overleaf/jpa-ta-clsi-root-doc-path

[clsi] remove stripping of characters from the root doc path GitOrigin-RevId: 18a8a5c66eecc1cf21aa202180720707d27671ea
2025-02-24 12:51:50 +00:00 · 2022-09-01 10:51:46 +01:00 · 2022-09-01 10:51:46 +01:00 · e96f7df704
commit e96f7df704
parent af3629687b
2 changed files with 2 additions and 40 deletions
--- a/services/clsi/app/js/RequestParser.js
+++ b/services/clsi/app/js/RequestParser.js
@ -4,7 +4,6 @@ const VALID_COMPILERS = ['pdflatex', 'latex', 'xelatex', 'lualatex']
 const MAX_TIMEOUT = 600

 function parse(body, callback) {
-  let resource
  const response = {}

  if (body.compile == null) {
@ -127,15 +126,7 @@ function parse(body, callback) {
        type: 'string',
      }
    )
-    const originalRootResourcePath = rootResourcePath
-    const sanitizedRootResourcePath = _sanitizePath(rootResourcePath)
-    response.rootResourcePath = _checkPath(sanitizedRootResourcePath)
-
-    for (resource of response.resources) {
-      if (resource.path === originalRootResourcePath) {
-        resource.path = sanitizedRootResourcePath
-      }
-    }
+    response.rootResourcePath = _checkPath(rootResourcePath)
  } catch (error1) {
    const error = error1
    return callback(error)
@ -204,12 +195,6 @@ function _parseAttribute(name, attribute, options) {
  return attribute
 }

-function _sanitizePath(path) {
-  // See http://php.net/manual/en/function.escapeshellcmd.php
-  // eslint-disable-next-line no-control-regex
-  return path.replace(/[#&;`|*?~<>^()[\]{}$\\\x0A\xFF\x00]/g, '')
-}
-
 function _checkPath(path) {
  // check that the request does not use a relative path
  for (const dir of Array.from(path.split('/'))) {
--- a/services/clsi/test/unit/js/RequestParserTests.js
+++ b/services/clsi/test/unit/js/RequestParserTests.js
@ -402,29 +402,6 @@ describe('RequestParser', function () {
    })
  })

-  describe('with a root resource path that needs escaping', function () {
-    beforeEach(function () {
-      this.badPath = '`rm -rf foo`.tex'
-      this.goodPath = 'rm -rf foo.tex'
-      this.validRequest.compile.rootResourcePath = this.badPath
-      this.validRequest.compile.resources.push({
-        path: this.badPath,
-        date: '12:00 01/02/03',
-        content: 'Hello world',
-      })
-      this.RequestParser.parse(this.validRequest, this.callback)
-      this.data = this.callback.args[0][1]
-    })
-
-    it('should return the escaped resource', function () {
-      this.data.rootResourcePath.should.equal(this.goodPath)
-    })
-
-    it('should also escape the resource path', function () {
-      this.data.resources[0].path.should.equal(this.goodPath)
-    })
-  })
-
  describe('with a root resource path that has a relative path', function () {
    beforeEach(function () {
      this.validRequest.compile.rootResourcePath = 'foo/../../bar.tex'
@ -441,7 +418,7 @@ describe('RequestParser', function () {

  describe('with a root resource path that has unescaped + relative path', function () {
    beforeEach(function () {
-      this.validRequest.compile.rootResourcePath = 'foo/#../bar.tex'
+      this.validRequest.compile.rootResourcePath = 'foo/../bar.tex'
      this.RequestParser.parse(this.validRequest, this.callback)
      this.data = this.callback.args[0][1]
    })