Bump for 1.2.9

Sanitize node type names when displaying in notifications
Sanitize branch name before displaying in notification message
2025-03-01 10:36:34 +00:00 · 2021-02-03 18:04:37 +00:00 · 2021-02-03 15:50:05 +00:00 · 2021-02-03 15:46:57 +00:00 · 2021-02-03 15:43:26 +00:00
13 changed files with 51 additions and 28 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,14 @@
+### 1.2.9: Maintenance Release
+
+Editor
+
+ - Sanitize node type names when displaying in notifications
+ - Sanitize branch name before displaying in notification message
+
+Runtime
+
+ - Handle more valid language codes when validating lang params Fixes #2856
+
 ### 1.2.8: Maintenance Release

 Editor
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "node-red",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "description": "Low-code programming for event-driven applications",
    "homepage": "http://nodered.org",
    "license": "Apache-2.0",
--- a/packages/node_modules/@node-red/editor-api/lib/admin/nodes.js
+++ b/packages/node_modules/@node-red/editor-api/lib/admin/nodes.js
@@ -33,6 +33,9 @@ module.exports = {
            })
        } else {
            opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages());
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+                opts.lang = "en-US";
+            }
            runtimeAPI.nodes.getNodeConfigs(opts).then(function(configs) {
                res.send(configs);
            })
@@ -91,6 +94,9 @@ module.exports = {
            })
        } else {
            opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages());
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+                opts.lang = "en-US";
+            }
            runtimeAPI.nodes.getNodeConfig(opts).then(function(result) {
                return res.send(result);
            }).catch(function(err) {
@@ -160,6 +166,9 @@ module.exports = {
            lang: req.query.lng,
            req: apiUtils.getRequestLogObject(req)
        }
+        if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+            opts.lang = "en-US";
+        }
        runtimeAPI.nodes.getModuleCatalog(opts).then(function(result) {
            res.json(result);
        }).catch(function(err) {
@@ -174,6 +183,9 @@ module.exports = {
            lang: req.query.lng,
            req: apiUtils.getRequestLogObject(req)
        }
+        if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+            opts.lang = "en-US";
+        }
        runtimeAPI.nodes.getModuleCatalogs(opts).then(function(result) {
            res.json(result);
        }).catch(function(err) {
--- a/packages/node_modules/@node-red/editor-api/lib/editor/locales.js
+++ b/packages/node_modules/@node-red/editor-api/lib/editor/locales.js
@@ -41,7 +41,7 @@ module.exports = {
        var namespace = req.params[0];
        namespace = namespace.replace(/\.json$/,"");
        var lang = req.query.lng || i18n.defaultLang; //apiUtil.determineLangFromHeaders(req.acceptsLanguages() || []);
-        if (/[^a-z\-\*]/i.test(lang)) {
+        if (/[^0-9a-z=\-\*]/i.test(lang)) {
            res.json({});
            return;
        }
--- a/packages/node_modules/@node-red/editor-api/package.json
+++ b/packages/node_modules/@node-red/editor-api/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/editor-api",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "license": "Apache-2.0",
    "main": "./lib/index.js",
    "repository": {
@@ -16,8 +16,8 @@
        }
    ],
    "dependencies": {
-        "@node-red/util": "1.2.8",
-        "@node-red/editor-client": "1.2.8",
+        "@node-red/util": "1.2.9",
+        "@node-red/editor-client": "1.2.9",
        "bcryptjs": "2.4.3",
        "body-parser": "1.19.0",
        "clone": "2.1.2",
--- a/packages/node_modules/@node-red/editor-client/package.json
+++ b/packages/node_modules/@node-red/editor-client/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/editor-client",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "license": "Apache-2.0",
    "repository": {
        "type": "git",
--- a/packages/node_modules/@node-red/editor-client/src/js/red.js
+++ b/packages/node_modules/@node-red/editor-client/src/js/red.js
@@ -231,7 +231,7 @@ var RED = (function() {
                            "merge-complete": RED._("notification.project.merge-complete")
                        }[msg.action];
                        loader.end()
-                        RED.notify("<p>"+message+"</p>");
+                        RED.notify($("<p>").text(message));
                        RED.sidebar.info.refresh()
                    });
                });
@@ -402,7 +402,7 @@ var RED = (function() {
                    });
                });
                if (addedTypes.length) {
-                    typeList = "<ul><li>"+addedTypes.join("</li><li>")+"</li></ul>";
+                    typeList = "<ul><li>"+addedTypes.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                    RED.notify(RED._("palette.event.nodeAdded", {count:addedTypes.length})+typeList,"success");
                }
                loadIconList();
@@ -411,7 +411,7 @@ var RED = (function() {
                    m = msg[i];
                    info = RED.nodes.removeNodeSet(m.id);
                    if (info.added) {
-                        typeList = "<ul><li>"+m.types.join("</li><li>")+"</li></ul>";
+                        typeList = "<ul><li>"+m.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                        RED.notify(RED._("palette.event.nodeRemoved", {count:m.types.length})+typeList,"success");
                    }
                }
@@ -421,12 +421,12 @@ var RED = (function() {
                    info = RED.nodes.getNodeSet(msg.id);
                    if (info.added) {
                        RED.nodes.enableNodeSet(msg.id);
-                        typeList = "<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
+                        typeList = "<ul><li>"+msg.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                        RED.notify(RED._("palette.event.nodeEnabled", {count:msg.types.length})+typeList,"success");
                    } else {
                        $.get('nodes/'+msg.id, function(data) {
                            appendNodeConfig(data);
-                            typeList = "<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
+                            typeList = "<ul><li>"+msg.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                            RED.notify(RED._("palette.event.nodeAdded", {count:msg.types.length})+typeList,"success");
                        });
                    }
@@ -434,7 +434,7 @@ var RED = (function() {
            } else if (topic == "notification/node/disabled") {
                if (msg.types) {
                    RED.nodes.disableNodeSet(msg.id);
-                    typeList = "<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
+                    typeList = "<ul><li>"+msg.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                    RED.notify(RED._("palette.event.nodeDisabled", {count:msg.types.length})+typeList,"success");
                }
            } else if (topic == "notification/node/upgraded") {
--- a/packages/node_modules/@node-red/nodes/package.json
+++ b/packages/node_modules/@node-red/nodes/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/nodes",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "license": "Apache-2.0",
    "repository": {
        "type": "git",
--- a/packages/node_modules/@node-red/registry/package.json
+++ b/packages/node_modules/@node-red/registry/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/registry",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "license": "Apache-2.0",
    "main": "./lib/index.js",
    "repository": {
@@ -16,7 +16,7 @@
        }
    ],
    "dependencies": {
-        "@node-red/util": "1.2.8",
+        "@node-red/util": "1.2.9",
        "semver": "6.3.0",
        "tar": "6.0.5",
        "uglify-js": "3.12.4",
--- a/packages/node_modules/@node-red/runtime/lib/api/nodes.js
+++ b/packages/node_modules/@node-red/runtime/lib/api/nodes.js
@@ -99,7 +99,7 @@ var api = module.exports = {
        return new Promise(function(resolve,reject) {
            var id = opts.id;
            var lang = opts.lang;
-            if (/[^a-z\-\*]/i.test(opts.lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
                reject(new Error("Invalid language: "+opts.lang));
                return
            }
@@ -128,7 +128,7 @@ var api = module.exports = {
    getNodeConfigs: function(opts) {
        return new Promise(function(resolve,reject) {
            runtime.log.audit({event: "nodes.configs.get"}, opts.req);
-            if (/[^a-z\-\*]/i.test(opts.lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
                reject(new Error("Invalid language: "+opts.lang));
                return
            }
@@ -406,7 +406,7 @@ var api = module.exports = {
            var namespace = opts.module;
            var lang = opts.lang;
            var prevLang = runtime.i18n.i.language;
-            if (/[^a-z\-\*]/i.test(lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(lang)) {
                reject(new Error("Invalid language: "+lang));
                return
            }
@@ -439,7 +439,7 @@ var api = module.exports = {
        return new Promise(function(resolve,reject) {
            var namespace = opts.module;
            var lang = opts.lang;
-            if (/[^a-z\-\*]/i.test(lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(lang)) {
                reject(new Error("Invalid language: "+lang));
                return
            }
--- a/packages/node_modules/@node-red/runtime/package.json
+++ b/packages/node_modules/@node-red/runtime/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/runtime",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "license": "Apache-2.0",
    "main": "./lib/index.js",
    "repository": {
@@ -16,8 +16,8 @@
        }
    ],
    "dependencies": {
-        "@node-red/registry": "1.2.8",
-        "@node-red/util": "1.2.8",
+        "@node-red/registry": "1.2.9",
+        "@node-red/util": "1.2.9",
        "async-mutex": "0.2.6",
        "clone": "2.1.2",
        "express": "4.17.1",
--- a/packages/node_modules/@node-red/util/package.json
+++ b/packages/node_modules/@node-red/util/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@node-red/util",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "license": "Apache-2.0",
    "repository": {
        "type": "git",
--- a/packages/node_modules/node-red/package.json
+++ b/packages/node_modules/node-red/package.json
@@ -1,6 +1,6 @@
 {
    "name": "node-red",
-    "version": "1.2.8",
+    "version": "1.2.9",
    "description": "Low-code programming for event-driven applications",
    "homepage": "http://nodered.org",
    "license": "Apache-2.0",
@@ -31,10 +31,10 @@
        "flow"
    ],
    "dependencies": {
-        "@node-red/editor-api": "1.2.8",
-        "@node-red/runtime": "1.2.8",
-        "@node-red/util": "1.2.8",
-        "@node-red/nodes": "1.2.8",
+        "@node-red/editor-api": "1.2.9",
+        "@node-red/runtime": "1.2.9",
+        "@node-red/util": "1.2.9",
+        "@node-red/nodes": "1.2.9",
        "basic-auth": "2.0.1",
        "bcryptjs": "2.4.3",
        "express": "4.17.1",
Author	SHA1	Message	Date
Nick O'Leary	fad8dcd304	Bump for 1.2.9	2021-02-03 18:04:37 +00:00
Nick O'Leary	1633a2ff70	Sanitize node type names when displaying in notifications	2021-02-03 15:50:05 +00:00
Nick O'Leary	a2878fa066	Sanitize branch name before displaying in notification message	2021-02-03 15:46:57 +00:00
Nick O'Leary	735de2908a	Handle more valid language codes when validating lang params Fixes #2856	2021-02-03 15:43:26 +00:00