|
|
@@ -982,13 +982,17 @@ module.exports = function(crowi) {
|
|
|
};
|
|
|
|
|
|
pageSchema.statics.create = function(path, body, user, options) {
|
|
|
- var Page = this
|
|
|
+ const Page = this
|
|
|
, Revision = crowi.model('Revision')
|
|
|
, format = options.format || 'markdown'
|
|
|
- , grant = options.grant || GRANT_PUBLIC
|
|
|
, redirectTo = options.redirectTo || null
|
|
|
, grantUserGroupId = options.grantUserGroupId || null;
|
|
|
|
|
|
+ let grant = options.grant || GRANT_PUBLIC;
|
|
|
+
|
|
|
+ // sanitize path
|
|
|
+ path = crowi.xss.process(path);
|
|
|
+
|
|
|
// force public
|
|
|
if (isPortalPath(path)) {
|
|
|
grant = GRANT_PUBLIC;
|
|
|
@@ -1001,7 +1005,7 @@ module.exports = function(crowi) {
|
|
|
throw new Error('Cannot create new page to existed path');
|
|
|
}
|
|
|
|
|
|
- var newPage = new Page();
|
|
|
+ const newPage = new Page();
|
|
|
newPage.path = path;
|
|
|
newPage.creator = user;
|
|
|
newPage.lastUpdateUser = user;
|
|
|
@@ -1249,11 +1253,14 @@ module.exports = function(crowi) {
|
|
|
};
|
|
|
|
|
|
pageSchema.statics.rename = function(pageData, newPagePath, user, options) {
|
|
|
- var Page = this
|
|
|
+ const Page = this
|
|
|
, Revision = crowi.model('Revision')
|
|
|
, path = pageData.path
|
|
|
, createRedirectPage = options.createRedirectPage || 0
|
|
|
- , moveUnderTrees = options.moveUnderTrees || 0;
|
|
|
+ ;
|
|
|
+
|
|
|
+ // sanitize path
|
|
|
+ newPagePath = crowi.xss.process(newPagePath);
|
|
|
|
|
|
return Page.updatePageProperty(pageData, {updatedAt: Date.now(), path: newPagePath, lastUpdateUser: user}) // pageData の path を変更
|
|
|
.then((data) => {
|
|
|
@@ -1264,7 +1271,7 @@ module.exports = function(crowi) {
|
|
|
pageData.path = newPagePath;
|
|
|
|
|
|
if (createRedirectPage) {
|
|
|
- var body = 'redirect ' + newPagePath;
|
|
|
+ const body = 'redirect ' + newPagePath;
|
|
|
Page.create(path, body, user, {redirectTo: newPagePath});
|
|
|
}
|
|
|
pageEvent.emit('update', pageData, user); // update as renamed page
|
|
|
@@ -1274,10 +1281,13 @@ module.exports = function(crowi) {
|
|
|
};
|
|
|
|
|
|
pageSchema.statics.renameRecursively = function(pageData, newPagePathPrefix, user, options) {
|
|
|
- var Page = this
|
|
|
+ const Page = this
|
|
|
, path = pageData.path
|
|
|
, pathRegExp = new RegExp('^' + escapeStringRegexp(path), 'i');
|
|
|
|
|
|
+ // sanitize path
|
|
|
+ newPagePathPrefix = crowi.xss.process(newPagePathPrefix);
|
|
|
+
|
|
|
return Page.generateQueryToListWithDescendants(path, user, options)
|
|
|
.then(function(pages) {
|
|
|
return Promise.all(pages.map(function(page) {
|
Yuki Takei