1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Handle more valid language codes when validating lang params

Fixes #2856
This commit is contained in:
Nick O'Leary 2021-02-03 15:42:56 +00:00
parent 23f0cd3a26
commit 735de2908a
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 17 additions and 5 deletions

View File

@ -33,6 +33,9 @@ module.exports = {
}) })
} else { } else {
opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages()); opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages());
if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
opts.lang = "en-US";
}
runtimeAPI.nodes.getNodeConfigs(opts).then(function(configs) { runtimeAPI.nodes.getNodeConfigs(opts).then(function(configs) {
res.send(configs); res.send(configs);
}) })
@ -91,6 +94,9 @@ module.exports = {
}) })
} else { } else {
opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages()); opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages());
if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
opts.lang = "en-US";
}
runtimeAPI.nodes.getNodeConfig(opts).then(function(result) { runtimeAPI.nodes.getNodeConfig(opts).then(function(result) {
return res.send(result); return res.send(result);
}).catch(function(err) { }).catch(function(err) {
@ -160,6 +166,9 @@ module.exports = {
lang: req.query.lng, lang: req.query.lng,
req: apiUtils.getRequestLogObject(req) req: apiUtils.getRequestLogObject(req)
} }
if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
opts.lang = "en-US";
}
runtimeAPI.nodes.getModuleCatalog(opts).then(function(result) { runtimeAPI.nodes.getModuleCatalog(opts).then(function(result) {
res.json(result); res.json(result);
}).catch(function(err) { }).catch(function(err) {
@ -174,6 +183,9 @@ module.exports = {
lang: req.query.lng, lang: req.query.lng,
req: apiUtils.getRequestLogObject(req) req: apiUtils.getRequestLogObject(req)
} }
if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
opts.lang = "en-US";
}
runtimeAPI.nodes.getModuleCatalogs(opts).then(function(result) { runtimeAPI.nodes.getModuleCatalogs(opts).then(function(result) {
res.json(result); res.json(result);
}).catch(function(err) { }).catch(function(err) {

View File

@ -41,7 +41,7 @@ module.exports = {
var namespace = req.params[0]; var namespace = req.params[0];
namespace = namespace.replace(/\.json$/,""); namespace = namespace.replace(/\.json$/,"");
var lang = req.query.lng || i18n.defaultLang; //apiUtil.determineLangFromHeaders(req.acceptsLanguages() || []); var lang = req.query.lng || i18n.defaultLang; //apiUtil.determineLangFromHeaders(req.acceptsLanguages() || []);
if (/[^a-z\-\*]/i.test(lang)) { if (/[^0-9a-z=\-\*]/i.test(lang)) {
res.json({}); res.json({});
return; return;
} }

View File

@ -99,7 +99,7 @@ var api = module.exports = {
return new Promise(function(resolve,reject) { return new Promise(function(resolve,reject) {
var id = opts.id; var id = opts.id;
var lang = opts.lang; var lang = opts.lang;
if (/[^a-z\-\*]/i.test(opts.lang)) { if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
reject(new Error("Invalid language: "+opts.lang)); reject(new Error("Invalid language: "+opts.lang));
return return
} }
@ -128,7 +128,7 @@ var api = module.exports = {
getNodeConfigs: function(opts) { getNodeConfigs: function(opts) {
return new Promise(function(resolve,reject) { return new Promise(function(resolve,reject) {
runtime.log.audit({event: "nodes.configs.get"}, opts.req); runtime.log.audit({event: "nodes.configs.get"}, opts.req);
if (/[^a-z\-\*]/i.test(opts.lang)) { if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
reject(new Error("Invalid language: "+opts.lang)); reject(new Error("Invalid language: "+opts.lang));
return return
} }
@ -406,7 +406,7 @@ var api = module.exports = {
var namespace = opts.module; var namespace = opts.module;
var lang = opts.lang; var lang = opts.lang;
var prevLang = runtime.i18n.i.language; var prevLang = runtime.i18n.i.language;
if (/[^a-z\-\*]/i.test(lang)) { if (/[^0-9a-z=\-\*]/i.test(lang)) {
reject(new Error("Invalid language: "+lang)); reject(new Error("Invalid language: "+lang));
return return
} }
@ -439,7 +439,7 @@ var api = module.exports = {
return new Promise(function(resolve,reject) { return new Promise(function(resolve,reject) {
var namespace = opts.module; var namespace = opts.module;
var lang = opts.lang; var lang = opts.lang;
if (/[^a-z\-\*]/i.test(lang)) { if (/[^0-9a-z=\-\*]/i.test(lang)) {
reject(new Error("Invalid language: "+lang)); reject(new Error("Invalid language: "+lang));
return return
} }