
Merge branch 'master' into feat/3176-grid-edit-modal-for-master-merge

itizawa 5 lat temu
rodzic
commit
a423b9bf0b

+ 37 - 0
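--- a/src/client/styles/scss/theme/_apply-colors-dark.scss
+++ b/src/client/styles/scss/theme/_apply-colors-dark.scss
@@ -271,6 +271,43 @@ ul.pagination {
   .popover-body {
     color: inherit;
   }
+
+  &.bs-popover-top .arrow {
+    &::before {
+      border-top-color: $secondary;
+    }
+
+    &::after {
+      border-top-color: $bgcolor-global;
+    }
+  }
+  &.bs-popover-bottom .arrow {
+    &::before {
+      border-bottom-color: $secondary;
+    }
+
+    &::after {
+      border-bottom-color: $bgcolor-global;
+    }
+  }
+  &.bs-popover-right .arrow {
+    &::before {
+      border-right-color: $secondary;
+    }
+
+    &::after {
+      border-right-color: $bgcolor-global;
+    }
+  }
+  &.bs-popover-left .arrow {
+    &::before {
+      border-left-color: $secondary;
+    }
+
+    &::after {
+      border-left-color: $bgcolor-global;
+    }
+  }
 }
 
 /*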
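Review bot: The four added `&.bs-popover-*` blocks differ only in the side name, so the same rule can be written once as an `@each` over `top, bottom, right, left` with the side interpolated into both the selector and the `border-#{$side}-color` property; that keeps the four arrow colours from drifting apart the next time one of them is edited. This is a style point only — the generated CSS is identical. The enclosing popover rule starts above the hunk.
```scss
  // … unchanged: .popover-body rule …

  @each $side in top, bottom, right, left {
    &.bs-popover-#{$side} .arrow {
      &::before {
        border-#{$side}-color: $secondary;
      }

      &::after {
        border-#{$side}-color: $bgcolor-global;
      }
    }
  }
```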

+ 1 - 1
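--- a/src/server/routes/attachment.js
+++ b/src/server/routes/attachment.js
@@ -239,7 +239,7 @@ module.exports = function(crowi, app) {
     else {
       res.set({
         'Content-Type': attachment.fileFormat,
-        'Content-Security-Policy': "script-src 'unsafe-hashes'",
+        'Content-Security-Policy': "script-src 'unsafe-hashes'; object-src 'none'; require-trusted-types-for 'script'; default-src 'none';",
       });
     }
   }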
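Review bot: `script-src 'unsafe-hashes'` in the new header value grants nothing on its own — `'unsafe-hashes'` only qualifies hash sources, and none are listed — and `default-src 'none'` already denies scripts, so the directive is dead text that reads as an allowance; `require-trusted-types-for 'script'` likewise has little effect once no script can run. If the intent is to keep an uploaded HTML or SVG attachment from executing in the site's origin, a policy of `'Content-Security-Policy': "default-src 'none'; sandbox",` says that directly, and `'X-Content-Type-Options': 'nosniff',` beside the `Content-Type` line stops browsers from second-guessing `attachment.fileFormat`. Whether `attachment.fileFormat` is validated at upload time, and whether the `if` branch above this `else` sets `Content-Disposition`, cannot be seen from the hunk; the enclosing handler starts outside it.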

+ 6 - 1
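--- a/src/server/routes/tag.js
+++ b/src/server/routes/tag.js
@@ -82,7 +82,12 @@ module.exports = function(crowi, app) {
    * @apiParam {String} q keyword
    */
   api.search = async function(req, res) {
-    let tags = await Tag.find({ name: new RegExp(`^${req.query.q}`) }).select('-_id name');
+    // https://regex101.com/r/J1cN6O/1
+    // prevent from unexpecting attack doing regular expression on tag search (DoS attack)
+    // Search for regular expressions as normal characters
+    // e.g. user*$ -> user\*\$ (escape a regular expression)
+    const escapeRegExp = req.query.q.replace(/[\\^$/.*+?()[\]{}|]/g, '\\$&');
+    let tags = await Tag.find({ name: new RegExp(`^${escapeRegExp}`) }).select('_id name');
     tags = tags.map((tag) => { return tag.name });
     return res.json(ApiResponse.success({ tags }));
   };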
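Review bot: `req.query.q.replace(...)` on the new `const escapeRegExp` line throws a TypeError when `q` is absent or arrives as an array (a repeated query key under Express's default parser), which the old template-literal form did not do, so the handler now fails with an unhandled rejection instead of an empty result. Guard the type before escaping, e.g. `const q = typeof req.query.q === 'string' ? req.query.q : '';` followed by `const escapedQuery = q.replace(/[\\^$/.*+?()[\]{}|]/g, '\\$&');` — the rename also fixes a misleading name, since the constant holds the escaped query rather than an escaping function. The same line changes `.select('-_id name')` to `.select('_id name')`, which now fetches `_id` although only `tag.name` is used two lines later; if that is unintended, restore `'-_id name'`. The four comment lines could be condensed to one that keeps the regex101 link, e.g. `// Escape regex metacharacters so the query is matched literally (guards against crafted-pattern DoS)`. `api.search` is defined inside `module.exports = function(crowi, app)`, which starts outside the hunk.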