Security: Fix revision parsing (#5772)
A carefully crafted URL can cause Etherpad to hang.
1 parent
1d28952
commit 1e98033
Showing
9 changed files
with
325 additions
and
29 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
'use strict'; | ||
|
||
const CustomError = require('../utils/customError'); | ||
|
||
// checks if a rev is a legal number | ||
// pre-condition is that `rev` is not undefined | ||
const checkValidRev = (rev) => { | ||
if (typeof rev !== 'number') { | ||
rev = parseInt(rev, 10); | ||
} | ||
|
||
// check if rev is a number | ||
if (isNaN(rev)) { | ||
throw new CustomError('rev is not a number', 'apierror'); | ||
} | ||
|
||
// ensure this is not a negative number | ||
if (rev < 0) { | ||
throw new CustomError('rev is not a negative number', 'apierror'); | ||
} | ||
|
||
// ensure this is not a float value | ||
if (!isInt(rev)) { | ||
throw new CustomError('rev is a float value', 'apierror'); | ||
} | ||
|
||
return rev; | ||
}; | ||
|
||
// checks if a number is an int | ||
const isInt = (value) => (parseFloat(value) === parseInt(value, 10)) && !isNaN(value); | ||
|
||
exports.isInt = isInt; | ||
exports.checkValidRev = checkValidRev; |
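Review bot: In `checkValidRev`, a string `rev` goes through `parseInt(rev, 10)` before the float check, so inputs such as `'1.5'` or `'7abc'` are silently truncated to 1 and 7 and accepted; the `isInt` test only ever rejects number-typed floats. For a validator on a request-supplied value I would reject non-digit strings up front, e.g. `if (typeof rev === 'string' && !/^\d+$/.test(rev)) throw new CustomError('rev is not a number', 'apierror');`, and use `Number.isSafeInteger(rev)` in place of `isInt(rev)` so values above 2^53 are refused as well. The message on the negative branch, `'rev is not a negative number'`, states the opposite of what the branch detected and should read `'rev is a negative number'`. The helper sets no upper bound, so the callers (not visible in this section) presumably still have to compare the returned value with the pad's head revision.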