fix: auto-trim trailing slash from paths + illegal chars check during…

… move
requarks · Apr 25, 2020 · 7306fab · 7306fab
1 parent 566043e
commit 7306fab
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/server/models/pages.js b/server/models/pages.js
@@ -214,10 +214,15 @@ module.exports = class Page extends Model {
    */
   static async createPage(opts) {
     // -> Validate path
-    if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0) {
+    if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0 || opts.path.index('\\') >= 0) {
       throw new WIKI.Error.PageIllegalPath()
     }
 
+    // -> Remove trailing slash
+    if (opts.path.endsWidth('/')) {
+      opts.path = opts.path.slice(0, -1)
+    }
+
     // -> Check for page access
     if (!WIKI.auth.checkAccess(opts.user, ['write:pages'], {
       locale: opts.locale,
@@ -398,6 +403,16 @@ module.exports = class Page extends Model {
       throw new WIKI.Error.PageNotFound()
     }
 
+    // -> Validate path
+    if (opts.destinationPath.indexOf('.') >= 0 || opts.destinationPath.indexOf(' ') >= 0 || opts.destinationPath.index('\\') >= 0) {
+      throw new WIKI.Error.PageIllegalPath()
+    }
+
+    // -> Remove trailing slash
+    if (opts.destinationPath.endsWidth('/')) {
+      opts.destinationPath = opts.destinationPath.slice(0, -1)
+    }
+
     // -> Check for source page access
     if (!WIKI.auth.checkAccess(opts.user, ['manage:pages'], {
       locale: page.localeCode,