mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-05-05 14:47:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 52

move url sanitizing function into module

Browse source
This commit is contained in:
booo 2012-02-08 15:36:30 +01:00
parent 11a1ea0d80
commit 3584e130f5
2 changed files with 31 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

28
node/routes/preconditions.js Normal file
View file

@ -0,0 +1,28 @@
module.exports = function(app)
{
//redirects browser to the pad's sanitized url if needed. otherwise, renders the html
app.param('pad', function (req, res, next, padId) {
//ensure the padname is valid and the url doesn't end with a /
if(!app.padManager.isValidPadId(padId) || /\/$/.test(req.url))
{
res.send('Such a padname is forbidden', 404);
}
else
{
app.padManager.sanitizePadId(padId, function(sanitizedPadId) {
//the pad id was sanitized, so we redirect to the sanitized version
if(sanitizedPadId != padId)
{
var real_path = req.path.replace(/^\/p\/[^\/]+/, '/p/' + sanitizedPadId);
res.header('Location', real_path);
res.send('You should be redirected to <a href="' + real_path + '">' + real_path + '</a>', 302);
}
//the pad id was fine, so just render it
else
{
next();
}
});
}
});
};

32
node/server.js
View file

@ -20,7 +20,6 @@
* limitations under the License. * limitations under the License.
*/ */
var ERR = require("async-stacktrace");
var log4js = require('log4js'); var log4js = require('log4js');
var os = require("os"); var os = require("os");
var socketio = require('socket.io'); var socketio = require('socket.io');
@ -32,7 +31,6 @@ var express = require('express');
var path = require('path'); var path = require('path');
var minify = require('./utils/Minify'); var minify = require('./utils/Minify');
var formidable = require('formidable'); var formidable = require('formidable');
var padManager;
var socketIORouter; var socketIORouter;
//try to get the git version //try to get the git version
@ -81,32 +79,8 @@ async.waterfall([
next(); next();
}); });
//preconditions i.e. sanitize urls
//redirects browser to the pad's sanitized url if needed. otherwise, renders the html require('./routes/preconditions')(app);
app.param('pad', function (req, res, next, padId) {
//ensure the padname is valid and the url doesn't end with a /
if(!padManager.isValidPadId(padId) || /\/$/.test(req.url))
{
res.send('Such a padname is forbidden', 404);
}
else
{
padManager.sanitizePadId(padId, function(sanitizedPadId) {
//the pad id was sanitized, so we redirect to the sanitized version
if(sanitizedPadId != padId)
{
var real_path = req.path.replace(/^\/p\/[^\/]+/, '/p/' + sanitizedPadId);
res.header('Location', real_path);
res.send('You should be redirected to <a href="' + real_path + '">' + real_path + '</a>', 302);
}
//the pad id was fine, so just render it
else
{
next();
}
});
}
});
//load modules that needs a initalized db //load modules that needs a initalized db
app.readOnlyManager = require("./db/ReadOnlyManager"); app.readOnlyManager = require("./db/ReadOnlyManager");
@ -114,7 +88,7 @@ async.waterfall([
app.exportHandler = require('./handler/ExportHandler'); app.exportHandler = require('./handler/ExportHandler');
app.importHandler = require('./handler/ImportHandler'); app.importHandler = require('./handler/ImportHandler');
app.apiHandler = require('./handler/APIHandler'); app.apiHandler = require('./handler/APIHandler');
padManager = require('./db/PadManager'); app.padManager = require('./db/PadManager');
app.securityManager = require('./db/SecurityManager'); app.securityManager = require('./db/SecurityManager');
socketIORouter = require("./handler/SocketIORouter"); socketIORouter = require("./handler/SocketIORouter");