mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-05-09 08:25:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

CHANGESET_REQ: ensure revNum is a number

Browse source
This commit is contained in:
webzwo0i 2023-06-25 18:55:01 +02:00
parent b33bdd3383
commit 5ec9d620c3
2 changed files with 58 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/node/handler/PadMessageHandler.js
View file

@ -39,6 +39,7 @@ const stats = require('../stats');
const assert = require('assert').strict; const assert = require('assert').strict;
const {RateLimiterMemory} = require('rate-limiter-flexible'); const {RateLimiterMemory} = require('rate-limiter-flexible');
const webaccess = require('../hooks/express/webaccess'); const webaccess = require('../hooks/express/webaccess');
const { checkValidRev } = require('../utils/checkValidRev');
let rateLimiter; let rateLimiter;
let socketio = null; let socketio = null;
@ -1076,6 +1077,7 @@ const handleChangesetRequest = async (socket, {data: {granularity, start, reques
if (granularity == null) throw new Error('missing granularity'); if (granularity == null) throw new Error('missing granularity');
if (!Number.isInteger(granularity)) throw new Error('granularity is not an integer'); if (!Number.isInteger(granularity)) throw new Error('granularity is not an integer');
if (start == null) throw new Error('missing start'); if (start == null) throw new Error('missing start');
start = checkValidRev(start);
if (requestID == null) throw new Error('mising requestID'); if (requestID == null) throw new Error('mising requestID');
const end = start + (100 * granularity); const end = start + (100 * granularity);
const {padId, author: authorId} = sessioninfos[socket.id]; const {padId, author: authorId} = sessioninfos[socket.id];

56
src/tests/backend/specs/messages.js
View file

@ -77,6 +77,62 @@ describe(__filename, function () {
await otherPad.remove(); await otherPad.remove();
} }
}); });
it('CHANGESET_REQ: verify revNum is a number (regression)', async function () {
const otherPadId = `${padId}other`;
assert(!await padManager.doesPadExist(otherPadId));
const otherPad = await padManager.getPad(otherPadId, 'other text\n');
let errorCatched = 0;
try {
await otherPad.setText('other text\n');
await common.sendMessage(roSocket, {
component: 'pad',
padId: otherPadId, // The server should ignore this.
type: 'CHANGESET_REQ',
data: {
granularity: 1,
start: 'test123',
requestID: 'requestId',
},
});
assert.equal('This code should never run', 1);
}
catch(e) {
assert.match(e.message, /rev is not a number/);
errorCatched = 1;
}
finally {
await otherPad.remove();
assert.equal(errorCatched, 1);
}
});
it('CHANGESET_REQ: revNum is converted to number if possible (regression)', async function () {
const otherPadId = `${padId}other`;
assert(!await padManager.doesPadExist(otherPadId));
const otherPad = await padManager.getPad(otherPadId, 'other text\n');
try {
await otherPad.setText('other text\n');
const resP = common.waitForSocketEvent(roSocket, 'message');
await common.sendMessage(roSocket, {
component: 'pad',
padId: otherPadId, // The server should ignore this.
type: 'CHANGESET_REQ',
data: {
granularity: 1,
start: '1test123',
requestID: 'requestId',
},
});
const res = await resP;
assert.equal(res.type, 'CHANGESET_REQ');
assert.equal(res.data.requestID, 'requestId');
assert.equal(res.data.start, 1);
}
finally {
await otherPad.remove();
}
});
}); });
describe('USER_CHANGES', function () { describe('USER_CHANGES', function () {