From 813df21020cead6e14c75cdddc10d7ef930cd71f Mon Sep 17 00:00:00 2001 From: broxen Date: Sun, 10 Oct 2021 11:56:20 -0700 Subject: [PATCH] fix: prevent malformed paths for pages (#4533) * First take on removing erroneous path characters Paths should not accept trailing slashes or hashtags. This is a first attempt at nullifying those. * Use rules to verify path before acceptance Use Regex and rules to verify paths before acceptance * Rules to prevent any leading or trailing slashes * Complex slug for regex on path, but it elminates special chars * Added yarn.lock to .gitignore * Maybe we do want yarn.lock afterall * Adding yarn.lock * Move Regex pattern outside of export --- client/components/editor/editor-modal-properties.vue | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/client/components/editor/editor-modal-properties.vue b/client/components/editor/editor-modal-properties.vue index 819c3299..0738b333 100644 --- a/client/components/editor/editor-modal-properties.vue +++ b/client/components/editor/editor-modal-properties.vue @@ -64,6 +64,7 @@ :hint='$t(`editor:props.pathHint`)' persistent-hint @click:append='showPathSelector' + :rules='[rules.required, rules.path]' ) v-divider v-card-text.grey.pt-5(:class='$vuetify.theme.dark ? `darken-3-d5` : `lighten-4`') @@ -254,6 +255,7 @@ import 'codemirror/mode/htmlmixed/htmlmixed.js' import 'codemirror/mode/css/css.js' /* global siteLangs, siteConfig */ +const filenamePattern = /^(?![\#\/\.\$\^\=\*\;\:\&\?\(\)\[\]\{\}\"\'\>\<\,\@\!\%\`\~\s])(?!.*[\#\/\.\$\^\=\*\;\:\&\?\(\)\[\]\{\}\"\'\>\<\,\@\!\%\`\~\s]$)[^\#\.\$\^\=\*\;\:\&\?\(\)\[\]\{\}\"\'\>\<\,\@\!\%\`\~\s]*$/ export default { props: { @@ -272,7 +274,13 @@ export default { newTagSuggestions: [], newTagSearch: '', currentTab: 0, - cm: null + cm: null, + rules: { + required: value => !!value || 'This field is required.', + path: value => { + return filenamePattern.test(value) || 'Invalid path. Please ensure it does not contain special characters, or begin/end in a slash or hashtag string.' + } + } } }, computed: {