Fix readOnly pad export

The export request hook wasn't testing if the pad's id was from a read-only pad before validating with the pad manager. This includes an extra step that makes the read-only id verification and also avoids setting the original pad's id as the file's name.
2025-04-21 07:56:16 -04:00 · 2020-09-16 14:57:27 -03:00 · 2020-09-16 14:57:27 -03:00 · c56973ce74
commit c56973ce74
parent 9f63d9b76a
3 changed files with 27 additions and 7 deletions
--- a/src/node/hooks/express/importexport.js
+++ b/src/node/hooks/express/importexport.js
@ -4,6 +4,7 @@ var settings = require('../../utils/Settings');
 var exportHandler = require('../../handler/ExportHandler');
 var importHandler = require('../../handler/ImportHandler');
 var padManager = require("../../db/PadManager");
+var readOnlyManager = require("../../db/ReadOnlyManager");
 var authorManager = require("../../db/AuthorManager");
 const rateLimit = require("express-rate-limit");
 const securityManager = require("../../db/SecurityManager");
@ -39,14 +40,22 @@ exports.expressCreateServer = function (hook_name, args, cb) {
    res.header("Access-Control-Allow-Origin", "*");

    if (await hasPadAccess(req, res)) {
-      let exists = await padManager.doesPadExists(req.params.pad);
+      let padId = req.params.pad;
+
+      let readOnlyId = null;
+      if (readOnlyManager.isReadOnlyId(padId)) {
+        readOnlyId = padId;
+        padId = await readOnlyManager.getPadId(readOnlyId);
+      }
+
+      let exists = await padManager.doesPadExists(padId);
      if (!exists) {
-        console.warn(`Someone tried to export a pad that doesn't exist (${req.params.pad})`);
+        console.warn(`Someone tried to export a pad that doesn't exist (${padId})`);
        return next();
      }

      console.log(`Exporting pad "${req.params.pad}" in ${req.params.type} format`);
-      exportHandler.doExport(req, res, req.params.pad, req.params.type);
+      exportHandler.doExport(req, res, padId, readOnlyId, req.params.type);
    }
  });