|
|
@@ -5,6 +5,8 @@ const path = require('path')
|
|
|
|
|
|
const localeSegmentRegex = /^[A-Z]{2}(-[A-Z]{2})?$/i
|
|
|
const localeFolderRegex = /^([a-z]{2}(?:-[a-z]{2})?\/)?(.*)/i
|
|
|
+// eslint-disable-next-line no-control-regex
|
|
|
+const unsafeCharsRegex = /[\x00-\x1f\x80-\x9f\\"|<>:*?]/
|
|
|
|
|
|
const contentToExt = {
|
|
|
markdown: 'md',
|
|
|
@@ -30,10 +32,14 @@ module.exports = {
|
|
|
// Clean Path
|
|
|
rawPath = _.trim(qs.unescape(rawPath))
|
|
|
if (_.startsWith(rawPath, '/')) { rawPath = rawPath.substring(1) }
|
|
|
+ rawPath = rawPath.replace(unsafeCharsRegex, '')
|
|
|
if (rawPath === '') { rawPath = 'home' }
|
|
|
|
|
|
// Extract Info
|
|
|
- let pathParts = _.filter(_.split(rawPath, '/'), p => !_.isEmpty(p))
|
|
|
+ let pathParts = _.filter(_.split(rawPath, '/'), p => {
|
|
|
+ p = _.trim(p)
|
|
|
+ return !_.isEmpty(p) && p !== '..' && p !== '.'
|
|
|
+ })
|
|
|
if (pathParts[0].length === 1) {
|
|
|
pathParts.shift()
|
|
|
}
|
|
|
@@ -73,7 +79,7 @@ module.exports = {
|
|
|
['date', page.updatedAt],
|
|
|
['tags', page.tags ? page.tags.map(t => t.tag).join(', ') : ''],
|
|
|
['editor', page.editorKey],
|
|
|
- ['dateCreated', page.createdAt],
|
|
|
+ ['dateCreated', page.createdAt]
|
|
|
]
|
|
|
switch (page.contentType) {
|
|
|
case 'markdown':
|
NGPixel