|
|
@@ -214,10 +214,15 @@ module.exports = class Page extends Model {
|
|
|
*/
|
|
|
static async createPage(opts) {
|
|
|
// -> Validate path
|
|
|
- if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0) {
|
|
|
+ if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0 || opts.path.index('\\') >= 0) {
|
|
|
throw new WIKI.Error.PageIllegalPath()
|
|
|
}
|
|
|
|
|
|
+ // -> Remove trailing slash
|
|
|
+ if (opts.path.endsWidth('/')) {
|
|
|
+ opts.path = opts.path.slice(0, -1)
|
|
|
+ }
|
|
|
+
|
|
|
// -> Check for page access
|
|
|
if (!WIKI.auth.checkAccess(opts.user, ['write:pages'], {
|
|
|
locale: opts.locale,
|
|
|
@@ -398,6 +403,16 @@ module.exports = class Page extends Model {
|
|
|
throw new WIKI.Error.PageNotFound()
|
|
|
}
|
|
|
|
|
|
+ // -> Validate path
|
|
|
+ if (opts.destinationPath.indexOf('.') >= 0 || opts.destinationPath.indexOf(' ') >= 0 || opts.destinationPath.index('\\') >= 0) {
|
|
|
+ throw new WIKI.Error.PageIllegalPath()
|
|
|
+ }
|
|
|
+
|
|
|
+ // -> Remove trailing slash
|
|
|
+ if (opts.destinationPath.endsWidth('/')) {
|
|
|
+ opts.destinationPath = opts.destinationPath.slice(0, -1)
|
|
|
+ }
|
|
|
+
|
|
|
// -> Check for source page access
|
|
|
if (!WIKI.auth.checkAccess(opts.user, ['manage:pages'], {
|
|
|
locale: page.localeCode,
|
NGPixel