mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Validate user-provided language parameter before passing to i18n

Nick O'Leary 2021-01-25 17:06:27 +00:00
parent 79473c243d
commit a0f736bb88
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 46 additions and 31 deletions


@ -39,9 +39,12 @@ module.exports = {
}, },
get: function(req,res) { get: function(req,res) {
var namespace = req.params[0]; var namespace = req.params[0];
var lngs = req.query.lng;
namespace = namespace.replace(/\.json$/,""); namespace = namespace.replace(/\.json$/,"");
var lang = req.query.lng || i18n.defaultLang; //apiUtil.determineLangFromHeaders(req.acceptsLanguages() || []); var lang = req.query.lng || i18n.defaultLang; //apiUtil.determineLangFromHeaders(req.acceptsLanguages() || []);
if (/[^a-z\-]/i.test(lang)) {
res.json({});
return;
}
var prevLang = i18n.i.language; var prevLang = i18n.i.language;
// Trigger a load from disk of the language if it is not the default // Trigger a load from disk of the language if it is not the default
i18n.i.changeLanguage(lang, function(){ i18n.i.changeLanguage(lang, function(){
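Review bot: The rejection branch replies `res.json({})` with the default 200 status and writes no log entry, so a refused `lng` value looks the same as a namespace with an empty catalog, both to the client and to anyone reading the server logs afterwards. If the editor client tolerates it, `res.status(400).json({});` plus a log line would make refused input visible. The added `var lngs = req.query.lng;` is not read anywhere in the visible lines and can be dropped unless code outside the hunk uses it. The check itself would benefit from a short comment such as `// lang is joined into the catalog file path; allow ASCII letters and '-' only`. The `get` handler continues past the end of the hunk.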


@ -99,6 +99,10 @@ var api = module.exports = {
return new Promise(function(resolve,reject) { return new Promise(function(resolve,reject) {
var id = opts.id; var id = opts.id;
var lang = opts.lang; var lang = opts.lang;
if (/[^a-z\-]/i.test(opts.lang)) {
reject(new Error("Invalid language: "+opts.lang));
return
}
var result = runtime.nodes.getNodeConfig(id,lang); var result = runtime.nodes.getNodeConfig(id,lang);
if (result) { if (result) {
runtime.log.audit({event: "nodes.config.get",id:id}, opts.req); runtime.log.audit({event: "nodes.config.get",id:id}, opts.req);
@ -124,6 +128,10 @@ var api = module.exports = {
getNodeConfigs: function(opts) { getNodeConfigs: function(opts) {
return new Promise(function(resolve,reject) { return new Promise(function(resolve,reject) {
runtime.log.audit({event: "nodes.configs.get"}, opts.req); runtime.log.audit({event: "nodes.configs.get"}, opts.req);
if (/[^a-z\-]/i.test(opts.lang)) {
reject(new Error("Invalid language: "+opts.lang));
return
}
return resolve(runtime.nodes.getNodeConfigs(opts.lang)); return resolve(runtime.nodes.getNodeConfigs(opts.lang));
}); });
}, },
@ -398,6 +406,10 @@ var api = module.exports = {
var namespace = opts.module; var namespace = opts.module;
var lang = opts.lang; var lang = opts.lang;
var prevLang = runtime.i18n.i.language; var prevLang = runtime.i18n.i.language;
if (/[^a-z\-]/i.test(lang)) {
reject(new Error("Invalid language: "+lang));
return
}
// Trigger a load from disk of the language if it is not the default // Trigger a load from disk of the language if it is not the default
runtime.i18n.i.changeLanguage(lang, function(){ runtime.i18n.i.changeLanguage(lang, function(){
var nodeList = runtime.nodes.getNodeList(); var nodeList = runtime.nodes.getNodeList();
@ -427,6 +439,10 @@ var api = module.exports = {
return new Promise(function(resolve,reject) { return new Promise(function(resolve,reject) {
var namespace = opts.module; var namespace = opts.module;
var lang = opts.lang; var lang = opts.lang;
if (/[^a-z\-]/i.test(lang)) {
reject(new Error("Invalid language: "+lang));
return
}
var prevLang = runtime.i18n.i.language; var prevLang = runtime.i18n.i.language;
// Trigger a load from disk of the language if it is not the default // Trigger a load from disk of the language if it is not the default
runtime.i18n.i.changeLanguage(lang, function(){ runtime.i18n.i.changeLanguage(lang, function(){
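Review bot: In `getNodeConfigs` the audit entry `nodes.configs.get` is written before the new language check, so a refused request is recorded as an ordinary read, while the other three functions reject without any audit call in the visible lines and leave no record at all. Moving the check above `runtime.log.audit(...)` and auditing the refusal as well would keep the trail consistent. The same test `/[^a-z\-]/i` is written out four times in this file and again in the other two files of the commit; one shared helper would keep the copies from drifting apart. The rejection message concatenates the raw `opts.lang` / `lang` value, so whatever logs or renders that message should treat it as untrusted text. All four functions begin or end outside their hunks.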


@ -24,7 +24,7 @@ var i18n = require("i18next");
var when = require("when"); var when = require("when");
var path = require("path"); var path = require("path");
var fs = require("fs"); var fs = require("fs-extra");
var defaultLang = "en-US"; var defaultLang = "en-US";
@ -82,36 +82,28 @@ function mergeCatalog(fallback,catalog) {
} }
function readFile(lng, ns) { async function readFile(lng, ns) {
return new Promise((resolve, reject) => { if (/[^a-z\-]/i.test(lng)) {
if (resourceCache[ns] && resourceCache[ns][lng]) { throw new Error("Invalid language: "+lng)
resolve(resourceCache[ns][lng]); }
} else if (resourceMap[ns]) { if (resourceCache[ns] && resourceCache[ns][lng]) {
var file = path.join(resourceMap[ns].basedir, lng, resourceMap[ns].file); return resourceCache[ns][lng];
fs.readFile(file, "utf8", function (err, content) { } else if (resourceMap[ns]) {
if (err) { const file = path.join(resourceMap[ns].basedir, lng, resourceMap[ns].file);
reject(err); const content = await fs.readFile(file, "utf8");
} else { resourceCache[ns] = resourceCache[ns] || {};
try { resourceCache[ns][lng] = JSON.parse(content.replace(/^\uFEFF/, ''));
resourceCache[ns] = resourceCache[ns] || {}; var baseLng = lng.split('-')[0];
resourceCache[ns][lng] = JSON.parse(content.replace(/^\uFEFF/, '')); if (baseLng !== lng && resourceCache[ns][baseLng]) {
var baseLng = lng.split('-')[0]; mergeCatalog(resourceCache[ns][baseLng], resourceCache[ns][lng]);
if (baseLng !== lng && resourceCache[ns][baseLng]) {
mergeCatalog(resourceCache[ns][baseLng], resourceCache[ns][lng]);
}
if (lng !== defaultLang) {
mergeCatalog(resourceCache[ns][defaultLang], resourceCache[ns][lng]);
}
resolve(resourceCache[ns][lng]);
} catch (e) {
reject(e);
}
}
});
} else {
reject(new Error("Unrecognised namespace"));
} }
}); if (lng !== defaultLang) {
mergeCatalog(resourceCache[ns][defaultLang], resourceCache[ns][lng]);
}
return resourceCache[ns][lng];
} else {
throw new Error("Unrecognised namespace");
}
} }
var MessageFileLoader = { var MessageFileLoader = {
@ -182,6 +174,10 @@ function init() {
function getCatalog(namespace,lang) { function getCatalog(namespace,lang) {
var result = null; var result = null;
lang = lang || defaultLang; lang = lang || defaultLang;
if (/[^a-z\-]/i.test(lang)) {
throw new Error("Invalid language: "+lng)
}
if (resourceCache.hasOwnProperty(namespace)) { if (resourceCache.hasOwnProperty(namespace)) {
result = resourceCache[namespace][lang]; result = resourceCache[namespace][lang];
if (!result) { if (!result) {
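Review bot: In `getCatalog` the new guard throws `new Error("Invalid language: "+lng)`, but the function's parameter is `lang`; unless an `lng` binding exists outside the hunk, an invalid value raises a ReferenceError instead of the intended message. The line should read `throw new Error("Invalid language: "+lang);`. The request is still refused either way, but callers that match on the message or error type will see something different from what `readFile` throws for the same input. `getCatalog` continues past the end of the hunk.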