authorJohn McLear <john@mclear.co.uk>2015-04-11 14:56:26 +0100
committerJohn McLear <john@mclear.co.uk>2015-04-11 14:56:26 +0100
commit5ef22e649b661e5a5f385a1cbfc3d0399b535e04 (patch)
treeff1ba7b425bb0e4060dc691a13ecbfbfb961ae5a /src/node/db
parent27aa71f3a4085140b83b1fa59d0f20debe1cc294 (diff)
parent83094e0dfd3361625ec14442d58c1e8ba935810b (diff)
Merge pull request #2302 from Gared/create_pad_special_characters
Add check for special url characters to createPad API function
Diffstat (limited to 'src/node/db')
-rw-r--r--src/node/db/API.js17
1 files changed, 13 insertions, 4 deletions
diff --git a/src/node/db/API.js b/src/node/db/API.js
index edd130e2..97d5162d 100644
--- a/src/node/db/API.js
+++ b/src/node/db/API.js
@@ -687,12 +687,21 @@ Example returns:
exports.createPad = function(padID, text, callback)
{
//ensure there is no $ in the padID
- if(padID && padID.indexOf("$") != -1)
+ if(padID)
{
- callback(new customError("createPad can't create group pads","apierror"));
- return;
+ if(padID.indexOf("$") != -1)
+ {
+ callback(new customError("createPad can't create group pads","apierror"));
+ return;
+ }
+ //check for url special characters
+ else if(padID.match(/(\/|\?|&|#)/))
+ {
+ callback(new customError("malformed padID: Remove special characters","apierror"));
+ return;
+ }
}
-
+
//create pad
getPadSafe(padID, false, text, function(err)
{
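Review bot: The new test `padID.match(/(\/|\?|&|#)/)` is a denylist of four characters, so other URL-significant input such as `%`, `\`, whitespace or control characters still reaches `getPadSafe`; whether that call validates further is not visible in this hunk. Consider widening the class and using `test`, e.g. `else if(/[\/?&#%\\\s]/.test(padID))`, or reusing one shared padID validator if the project has one, so every entry point agrees on what a valid pad name is. Both `indexOf` and `match` also assume `padID` is a string; a `typeof padID !== "string"` guard ahead of them would turn a non-string API argument into an apierror instead of a thrown TypeError. The comment `//ensure there is no $ in the padID` now sits above `if(padID)` and should move down to the `$` test. The body of `createPad` continues past the end of the hunk.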