diff options
author | Egil Moeller <egil.moller@freecode.no> | 2012-02-26 13:07:51 +0100 |
---|---|---|
committer | Egil Moeller <egil.moller@freecode.no> | 2012-02-26 13:07:51 +0100 |
commit | 1239ce7f284821ad4ce51f8219c480ff557a5b86 (patch) | |
tree | 83816de3b8855fb89fadcb2383b3f8f81d66daf8 /src/node/hooks/express/padurlsanitize.js | |
parent | 1955bdec9a0f0448e5b04638f0e69ed3b9210f39 (diff) | |
download | etherpad-lite-1239ce7f284821ad4ce51f8219c480ff557a5b86.zip |
The Big Renaming - etherpad is now an NPM module
Diffstat (limited to 'src/node/hooks/express/padurlsanitize.js')
-rw-r--r-- | src/node/hooks/express/padurlsanitize.js | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/node/hooks/express/padurlsanitize.js b/src/node/hooks/express/padurlsanitize.js new file mode 100644 index 00000000..4f5dd7a5 --- /dev/null +++ b/src/node/hooks/express/padurlsanitize.js @@ -0,0 +1,29 @@ +var padManager = require('../../db/PadManager'); + +exports.expressCreateServer = function (hook_name, args, cb) { + //redirects browser to the pad's sanitized url if needed. otherwise, renders the html + args.app.param('pad', function (req, res, next, padId) { + //ensure the padname is valid and the url doesn't end with a / + if(!padManager.isValidPadId(padId) || /\/$/.test(req.url)) + { + res.send('Such a padname is forbidden', 404); + } + else + { + padManager.sanitizePadId(padId, function(sanitizedPadId) { + //the pad id was sanitized, so we redirect to the sanitized version + if(sanitizedPadId != padId) + { + var real_path = req.path.replace(/^\/p\/[^\/]+/, '/p/' + sanitizedPadId); + res.header('Location', real_path); + res.send('You should be redirected to <a href="' + real_path + '">' + real_path + '</a>', 302); + } + //the pad id was fine, so just render it + else + { + next(); + } + }); + } + }); +} |