diff options
| author | Stefan <stefan@stefans-entwicklerecke.de> | 2015-04-13 17:27:37 +0200 |
|---|---|---|
| committer | Stefan <stefan@stefans-entwicklerecke.de> | 2015-04-13 17:27:37 +0200 |
| commit | 24b0712d77abb91ebea2d67f06f565861ec008f0 (patch) | |
| tree | 8e7f6d9010151984ecfd99c133b6c23e163aaf5d /src/node/db/API.js | |
| parent | cc34f4e325830f798321b8152095c4dccd6b465f (diff) | |
| parent | 64d94cb3464303a2564ee8dca28b2a872c30d650 (diff) | |
| download | etherpad-lite-24b0712d77abb91ebea2d67f06f565861ec008f0.zip | |
Merge new release into master branch!
Diffstat (limited to 'src/node/db/API.js')
| -rw-r--r-- | src/node/db/API.js | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/node/db/API.js b/src/node/db/API.js index edd130e2..97d5162d 100644 --- a/src/node/db/API.js +++ b/src/node/db/API.js @@ -687,12 +687,21 @@ Example returns: exports.createPad = function(padID, text, callback) { //ensure there is no $ in the padID - if(padID && padID.indexOf("$") != -1) + if(padID) { - callback(new customError("createPad can't create group pads","apierror")); - return; + if(padID.indexOf("$") != -1) + { + callback(new customError("createPad can't create group pads","apierror")); + return; + } + //check for url special characters + else if(padID.match(/(\/|\?|&|#)/)) + { + callback(new customError("malformed padID: Remove special characters","apierror")); + return; + } } - + //create pad getPadSafe(padID, false, text, function(err) { |