From e5b767144dfa4bf2476a4f74fd42f20126a08623 Mon Sep 17 00:00:00 2001 From: reiji-h Date: Thu, 5 Dec 2024 06:14:31 +0000 Subject: [PATCH 1/8] limit creatable page path --- packages/core/src/utils/page-path-utils/index.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/core/src/utils/page-path-utils/index.ts b/packages/core/src/utils/page-path-utils/index.ts index 6c400a9d5ac..1b1ba7bbd5f 100644 --- a/packages/core/src/utils/page-path-utils/index.ts +++ b/packages/core/src/utils/page-path-utils/index.ts @@ -1,6 +1,6 @@ import escapeStringRegexp from 'escape-string-regexp'; -import { IUser } from '~/interfaces'; +import type { IUser } from '~/interfaces'; import { isValidObjectId } from '../objectid-utils'; import { addTrailingSlash } from '../path-utils'; @@ -117,6 +117,7 @@ const restrictedPatternsToCreate: Array = [ /^\/(_search|_private-legacy-pages)(\/.*|$)/, /^\/(installer|register|login|logout|admin|me|files|trash|paste|comments|tags|share|attachment)(\/.*|$)/, /^\/user(?:\/[^/]+)?$/, // https://regex101.com/r/9Eh2S1/1 + /^.{2000000,}$/, // avoid very long path. see: https://regex101.com/r/s9cCdf/1 ]; export const isCreatablePage = (path: string): boolean => { return !restrictedPatternsToCreate.some(pattern => path.match(pattern)); From d0a80e6a7b69447c3ea1d6fcbade16ad253a4e3b Mon Sep 17 00:00:00 2001 From: reiji-h Date: Thu, 5 Dec 2024 06:19:47 +0000 Subject: [PATCH 2/8] use javascript length --- packages/core/src/utils/page-path-utils/index.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/core/src/utils/page-path-utils/index.ts b/packages/core/src/utils/page-path-utils/index.ts index 1b1ba7bbd5f..7efcaa9222e 100644 --- a/packages/core/src/utils/page-path-utils/index.ts +++ b/packages/core/src/utils/page-path-utils/index.ts @@ -117,10 +117,9 @@ const restrictedPatternsToCreate: Array = [ /^\/(_search|_private-legacy-pages)(\/.*|$)/, /^\/(installer|register|login|logout|admin|me|files|trash|paste|comments|tags|share|attachment)(\/.*|$)/, /^\/user(?:\/[^/]+)?$/, // https://regex101.com/r/9Eh2S1/1 - /^.{2000000,}$/, // avoid very long path. see: https://regex101.com/r/s9cCdf/1 ]; export const isCreatablePage = (path: string): boolean => { - return !restrictedPatternsToCreate.some(pattern => path.match(pattern)); + return !restrictedPatternsToCreate.some(pattern => path.match(pattern)) && path.length <= 2_000_000; }; /** From ef8978dd3b33c2215301d2dcea4063d618ee8b86 Mon Sep 17 00:00:00 2001 From: reiji-h Date: Fri, 13 Dec 2024 02:35:15 +0000 Subject: [PATCH 3/8] add slash limit pattern --- packages/core/src/utils/page-path-utils/index.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/core/src/utils/page-path-utils/index.ts b/packages/core/src/utils/page-path-utils/index.ts index 7efcaa9222e..c501aa0ee68 100644 --- a/packages/core/src/utils/page-path-utils/index.ts +++ b/packages/core/src/utils/page-path-utils/index.ts @@ -117,9 +117,10 @@ const restrictedPatternsToCreate: Array = [ /^\/(_search|_private-legacy-pages)(\/.*|$)/, /^\/(installer|register|login|logout|admin|me|files|trash|paste|comments|tags|share|attachment)(\/.*|$)/, /^\/user(?:\/[^/]+)?$/, // https://regex101.com/r/9Eh2S1/1 + /^(\/.+){500,}$/, // avoid deep layer path. see: https://regex101.com/r/s9cCdf/1 ]; export const isCreatablePage = (path: string): boolean => { - return !restrictedPatternsToCreate.some(pattern => path.match(pattern)) && path.length <= 2_000_000; + return !restrictedPatternsToCreate.some(pattern => path.match(pattern)); }; /** From 0f759044c7306b4b8ed221d6cb9fb5c8d1b32041 Mon Sep 17 00:00:00 2001 From: reiji-h Date: Fri, 13 Dec 2024 03:08:08 +0000 Subject: [PATCH 4/8] add regex example --- packages/core/src/utils/page-path-utils/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/core/src/utils/page-path-utils/index.ts b/packages/core/src/utils/page-path-utils/index.ts index c501aa0ee68..b970deddcce 100644 --- a/packages/core/src/utils/page-path-utils/index.ts +++ b/packages/core/src/utils/page-path-utils/index.ts @@ -117,7 +117,7 @@ const restrictedPatternsToCreate: Array = [ /^\/(_search|_private-legacy-pages)(\/.*|$)/, /^\/(installer|register|login|logout|admin|me|files|trash|paste|comments|tags|share|attachment)(\/.*|$)/, /^\/user(?:\/[^/]+)?$/, // https://regex101.com/r/9Eh2S1/1 - /^(\/.+){500,}$/, // avoid deep layer path. see: https://regex101.com/r/s9cCdf/1 + /^(\/.+){500,}$/, // avoid deep layer path. see: https://regex101.com/r/L0kzOD/1 ]; export const isCreatablePage = (path: string): boolean => { return !restrictedPatternsToCreate.some(pattern => path.match(pattern)); From 2a99b278e9a5992022733dd17dcbab4d3560fba9 Mon Sep 17 00:00:00 2001 From: reiji-h Date: Fri, 13 Dec 2024 07:30:52 +0000 Subject: [PATCH 5/8] change create error message --- apps/app/public/static/locales/en_US/translation.json | 2 +- apps/app/public/static/locales/fr_FR/translation.json | 2 +- apps/app/public/static/locales/ja_JP/translation.json | 2 +- apps/app/public/static/locales/zh_CN/translation.json | 2 +- .../components/TreeItem/NewPageInput/use-new-page-input.tsx | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/app/public/static/locales/en_US/translation.json b/apps/app/public/static/locales/en_US/translation.json index 9481d802cbf..a999a171337 100644 --- a/apps/app/public/static/locales/en_US/translation.json +++ b/apps/app/public/static/locales/en_US/translation.json @@ -157,7 +157,7 @@ "duplicated_path": "Duplicated path", "Link sharing is disabled": "Link sharing is disabled", "successfully_saved_the_page": "Successfully saved the page", - "you_can_not_create_page_with_this_name": "You can not create page with this name", + "you_can_not_create_page_with_this_name_or_hierarchy": "You can not create page with this name or page hierarchy", "not_allowed_to_see_this_page": "You cannot see this page", "Confirm": "Confirm", "Successfully requested": "Successfully requested.", diff --git a/apps/app/public/static/locales/fr_FR/translation.json b/apps/app/public/static/locales/fr_FR/translation.json index bb0d0686ba2..8c2de3482e1 100644 --- a/apps/app/public/static/locales/fr_FR/translation.json +++ b/apps/app/public/static/locales/fr_FR/translation.json @@ -157,7 +157,7 @@ "duplicated_path": "Chemin dupliqué", "Link sharing is disabled": "Le partage est désactivé", "successfully_saved_the_page": "Page sauvegardée", - "you_can_not_create_page_with_this_name": "Vous ne pouvez pas créer cette page", + "you_can_not_create_page_with_this_name_or_hierarchy": "Vous ne pouvez pas créer de page avec ce nom ou cette hiérarchie de pages", "not_allowed_to_see_this_page": "Vous ne pouvez pas voir cette page", "Confirm": "Confirmer", "Successfully requested": "Demande envoyée.", diff --git a/apps/app/public/static/locales/ja_JP/translation.json b/apps/app/public/static/locales/ja_JP/translation.json index dc7c3021ed9..49fecc4b3fa 100644 --- a/apps/app/public/static/locales/ja_JP/translation.json +++ b/apps/app/public/static/locales/ja_JP/translation.json @@ -158,7 +158,7 @@ "duplicated_path": "重複したパス", "Link sharing is disabled": "リンクのシェアは無効化されています", "successfully_saved_the_page": "ページが正常に保存されました", - "you_can_not_create_page_with_this_name": "この名前でページを作成することはできません", + "you_can_not_create_page_with_this_name_or_hierarchy": "この名前、または階層でページを作成することはできません", "not_allowed_to_see_this_page": "このページは閲覧できません", "Confirm": "確認", "Successfully requested": "正常に処理を受け付けました", diff --git a/apps/app/public/static/locales/zh_CN/translation.json b/apps/app/public/static/locales/zh_CN/translation.json index 3a3fb1e8e42..beff5df7b3a 100644 --- a/apps/app/public/static/locales/zh_CN/translation.json +++ b/apps/app/public/static/locales/zh_CN/translation.json @@ -163,7 +163,7 @@ "duplicated_path": "Duplicated path", "Link sharing is disabled": "你不允许分享该链接", "successfully_saved_the_page": "成功地保存了该页面", - "you_can_not_create_page_with_this_name": "您无法使用此名称创建页面", + "you_can_not_create_page_with_this_name_or_hierarchy": "您無法使用此名稱或頁面層級建立頁面", "not_allowed_to_see_this_page": "你不能看到这个页面", "Confirm": "确定", "Successfully requested": "进程成功接受", diff --git a/apps/app/src/client/components/TreeItem/NewPageInput/use-new-page-input.tsx b/apps/app/src/client/components/TreeItem/NewPageInput/use-new-page-input.tsx index cd86eaf517b..e3053fcf19b 100644 --- a/apps/app/src/client/components/TreeItem/NewPageInput/use-new-page-input.tsx +++ b/apps/app/src/client/components/TreeItem/NewPageInput/use-new-page-input.tsx @@ -99,7 +99,7 @@ export const useNewPageInput = (): UseNewPageInput => { const isCreatable = pagePathUtils.isCreatablePage(newPagePath); if (!isCreatable) { - toastWarning(t('you_can_not_create_page_with_this_name')); + toastWarning(t('you_can_not_create_page_with_this_name_or_hierarchy')); return; } From e702b2e1ac37505ffc2dd9cbffc5125154eb1f82 Mon Sep 17 00:00:00 2001 From: reiji-h Date: Fri, 13 Dec 2024 07:57:57 +0000 Subject: [PATCH 6/8] remove unused import --- apps/app/src/server/models/page.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/app/src/server/models/page.ts b/apps/app/src/server/models/page.ts index 30684de2b25..48c2d812c1c 100644 --- a/apps/app/src/server/models/page.ts +++ b/apps/app/src/server/models/page.ts @@ -9,7 +9,7 @@ import { } from '@growi/core'; import type { IPagePopulatedToShowRevision } from '@growi/core/dist/interfaces'; import { getIdForRef, isPopulated } from '@growi/core/dist/interfaces'; -import { isTopPage, hasSlash } from '@growi/core/dist/utils/page-path-utils'; +import { isTopPage, hasSlash, isCreatablePage } from '@growi/core/dist/utils/page-path-utils'; import { addTrailingSlash, normalizePath } from '@growi/core/dist/utils/path-utils'; import escapeStringRegexp from 'escape-string-regexp'; import type { From 84362eabcd81ff408a20a676378f7c4d49d03940 Mon Sep 17 00:00:00 2001 From: reiji-h Date: Fri, 13 Dec 2024 07:58:14 +0000 Subject: [PATCH 7/8] remove unused import --- apps/app/src/server/models/page.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/app/src/server/models/page.ts b/apps/app/src/server/models/page.ts index 48c2d812c1c..30684de2b25 100644 --- a/apps/app/src/server/models/page.ts +++ b/apps/app/src/server/models/page.ts @@ -9,7 +9,7 @@ import { } from '@growi/core'; import type { IPagePopulatedToShowRevision } from '@growi/core/dist/interfaces'; import { getIdForRef, isPopulated } from '@growi/core/dist/interfaces'; -import { isTopPage, hasSlash, isCreatablePage } from '@growi/core/dist/utils/page-path-utils'; +import { isTopPage, hasSlash } from '@growi/core/dist/utils/page-path-utils'; import { addTrailingSlash, normalizePath } from '@growi/core/dist/utils/path-utils'; import escapeStringRegexp from 'escape-string-regexp'; import type { From 15f416cfb3d07291ef43497fe634f9e19efa63b3 Mon Sep 17 00:00:00 2001 From: Yuki Takei Date: Wed, 18 Dec 2024 00:05:56 +0900 Subject: [PATCH 8/8] Update restrictedPatternsToCreate to avoid 130 or above layer path --- packages/core/src/utils/page-path-utils/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/core/src/utils/page-path-utils/index.ts b/packages/core/src/utils/page-path-utils/index.ts index b970deddcce..59af24a2255 100644 --- a/packages/core/src/utils/page-path-utils/index.ts +++ b/packages/core/src/utils/page-path-utils/index.ts @@ -117,7 +117,7 @@ const restrictedPatternsToCreate: Array = [ /^\/(_search|_private-legacy-pages)(\/.*|$)/, /^\/(installer|register|login|logout|admin|me|files|trash|paste|comments|tags|share|attachment)(\/.*|$)/, /^\/user(?:\/[^/]+)?$/, // https://regex101.com/r/9Eh2S1/1 - /^(\/.+){500,}$/, // avoid deep layer path. see: https://regex101.com/r/L0kzOD/1 + /^(\/.+){130,}$/, // avoid deep layer path. see: https://regex101.com/r/L0kzOD/1 ]; export const isCreatablePage = (path: string): boolean => { return !restrictedPatternsToCreate.some(pattern => path.match(pattern));