Bump for 1.2.9

Fixes #2856

CHANGELOG.md

@@ -1,3 +1,14 @@
+### 1.2.9: Maintenance Release
+
+Editor
+
+ - Sanitize node type names when displaying in notifications
+ - Sanitize branch name before displaying in notification message
+
+Runtime
+
+ - Handle more valid language codes when validating lang params Fixes #2856
+
 ### 1.2.8: Maintenance Release
 
 Editor

package.json

@@ -1,6 +1,6 @@
 {
     "name": "node-red",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "description": "Low-code programming for event-driven applications",
     "homepage": "http://nodered.org",
     "license": "Apache-2.0",

packages/node_modules/@node-red/editor-api/lib/admin/nodes.js

@@ -33,6 +33,9 @@ module.exports = {
             })
         } else {
             opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages());
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+                opts.lang = "en-US";
+            }
             runtimeAPI.nodes.getNodeConfigs(opts).then(function(configs) {
                 res.send(configs);
             })
@@ -91,6 +94,9 @@ module.exports = {
             })
         } else {
             opts.lang = apiUtils.determineLangFromHeaders(req.acceptsLanguages());
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+                opts.lang = "en-US";
+            }
             runtimeAPI.nodes.getNodeConfig(opts).then(function(result) {
                 return res.send(result);
             }).catch(function(err) {
@@ -160,6 +166,9 @@ module.exports = {
             lang: req.query.lng,
             req: apiUtils.getRequestLogObject(req)
         }
+        if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+            opts.lang = "en-US";
+        }
         runtimeAPI.nodes.getModuleCatalog(opts).then(function(result) {
             res.json(result);
         }).catch(function(err) {
@@ -174,6 +183,9 @@ module.exports = {
             lang: req.query.lng,
             req: apiUtils.getRequestLogObject(req)
         }
+        if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
+            opts.lang = "en-US";
+        }
         runtimeAPI.nodes.getModuleCatalogs(opts).then(function(result) {
             res.json(result);
         }).catch(function(err) {

packages/node_modules/@node-red/editor-api/lib/editor/locales.js

@@ -41,7 +41,7 @@ module.exports = {
         var namespace = req.params[0];
         namespace = namespace.replace(/\.json$/,"");
         var lang = req.query.lng || i18n.defaultLang; //apiUtil.determineLangFromHeaders(req.acceptsLanguages() || []);
-        if (/[^a-z\-\*]/i.test(lang)) {
+        if (/[^0-9a-z=\-\*]/i.test(lang)) {
             res.json({});
             return;
         }

packages/node_modules/@node-red/editor-api/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@node-red/editor-api",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "license": "Apache-2.0",
     "main": "./lib/index.js",
     "repository": {
@@ -16,8 +16,8 @@
         }
     ],
     "dependencies": {
-        "@node-red/util": "1.2.8",
-        "@node-red/editor-client": "1.2.8",
+        "@node-red/util": "1.2.9",
+        "@node-red/editor-client": "1.2.9",
         "bcryptjs": "2.4.3",
         "body-parser": "1.19.0",
         "clone": "2.1.2",

packages/node_modules/@node-red/editor-client/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@node-red/editor-client",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "license": "Apache-2.0",
     "repository": {
         "type": "git",

packages/node_modules/@node-red/editor-client/src/js/red.js

@@ -231,7 +231,7 @@ var RED = (function() {
                             "merge-complete": RED._("notification.project.merge-complete")
                         }[msg.action];
                         loader.end()
-                        RED.notify("<p>"+message+"</p>");
+                        RED.notify($("<p>").text(message));
                         RED.sidebar.info.refresh()
                     });
                 });
@@ -402,7 +402,7 @@ var RED = (function() {
                     });
                 });
                 if (addedTypes.length) {
-                    typeList = "<ul><li>"+addedTypes.join("</li><li>")+"</li></ul>";
+                    typeList = "<ul><li>"+addedTypes.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                     RED.notify(RED._("palette.event.nodeAdded", {count:addedTypes.length})+typeList,"success");
                 }
                 loadIconList();
@@ -411,7 +411,7 @@ var RED = (function() {
                     m = msg[i];
                     info = RED.nodes.removeNodeSet(m.id);
                     if (info.added) {
-                        typeList = "<ul><li>"+m.types.join("</li><li>")+"</li></ul>";
+                        typeList = "<ul><li>"+m.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                         RED.notify(RED._("palette.event.nodeRemoved", {count:m.types.length})+typeList,"success");
                     }
                 }
@@ -421,12 +421,12 @@ var RED = (function() {
                     info = RED.nodes.getNodeSet(msg.id);
                     if (info.added) {
                         RED.nodes.enableNodeSet(msg.id);
-                        typeList = "<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
+                        typeList = "<ul><li>"+msg.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                         RED.notify(RED._("palette.event.nodeEnabled", {count:msg.types.length})+typeList,"success");
                     } else {
                         $.get('nodes/'+msg.id, function(data) {
                             appendNodeConfig(data);
-                            typeList = "<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
+                            typeList = "<ul><li>"+msg.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                             RED.notify(RED._("palette.event.nodeAdded", {count:msg.types.length})+typeList,"success");
                         });
                     }
@@ -434,7 +434,7 @@ var RED = (function() {
             } else if (topic == "notification/node/disabled") {
                 if (msg.types) {
                     RED.nodes.disableNodeSet(msg.id);
-                    typeList = "<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
+                    typeList = "<ul><li>"+msg.types.map(RED.utils.sanitize).join("</li><li>")+"</li></ul>";
                     RED.notify(RED._("palette.event.nodeDisabled", {count:msg.types.length})+typeList,"success");
                 }
             } else if (topic == "notification/node/upgraded") {

packages/node_modules/@node-red/nodes/core/parsers/70-CSV.js

@@ -52,8 +52,7 @@ module.exports = function(RED) {
             else { node.goodtmpl = true; }
             return col;
         }
-        var template = clean(node.template);
-        var notemplate = node.template.length === 1 && node.template[0] === '';
+        node.template = clean(node.template);
         node.hdrSent = false;
 
         this.on("input", function(msg) {
@@ -63,21 +62,18 @@ module.exports = function(RED) {
             if (msg.hasOwnProperty("payload")) {
                 if (typeof msg.payload == "object") { // convert object to CSV string
                     try {
-                        if (!(notemplate && (msg.hasOwnProperty("parts") && msg.parts.hasOwnProperty("index") && msg.parts.index > 0))) {
-                            template = clean(node.template);
-                        }
                         var ou = "";
                         if (!Array.isArray(msg.payload)) { msg.payload = [ msg.payload ]; }
                         if (node.hdrout !== "none" && node.hdrSent === false) {
-                            if ((template.length === 1) && (template[0] === '')) {
+                            if ((node.template.length === 1) && (node.template[0] === '')) {
                                 if (msg.hasOwnProperty("columns")) {
-                                    template = clean((msg.columns || "").split(","));
+                                    node.template = clean((msg.columns || "").split(","));
                                 }
                                 else {
-                                    template = Object.keys(msg.payload[0]);
+                                    node.template = Object.keys(msg.payload[0]);
                                 }
                             }
-                            ou += template.join(node.sep) + node.ret;
+                            ou += node.template.join(node.sep) + node.ret;
                             if (node.hdrout === "once") { node.hdrSent = true; }
                         }
                         for (var s = 0; s < msg.payload.length; s++) {
@@ -96,10 +92,10 @@ module.exports = function(RED) {
                                 ou += msg.payload[s].join(node.sep) + node.ret;
                             }
                             else {
-                                if ((template.length === 1) && (template[0] === '') && (msg.hasOwnProperty("columns"))) {
-                                    template = clean((msg.columns || "").split(","));
+                                if ((node.template.length === 1) && (node.template[0] === '') && (msg.hasOwnProperty("columns"))) {
+                                    node.template = clean((msg.columns || "").split(","));
                                 }
-                                if ((template.length === 1) && (template[0] === '')) {
+                                if ((node.template.length === 1) && (node.template[0] === '')) {
                                     /* istanbul ignore else */
                                     if (tmpwarn === true) { // just warn about missing template once
                                         node.warn(RED._("csv.errors.obj_csv"));
@@ -125,12 +121,12 @@ module.exports = function(RED) {
                                     ou = ou.slice(0,-1) + node.ret;
                                 }
                                 else {
-                                    for (var t=0; t < template.length; t++) {
-                                        if (template[t] === '') {
+                                    for (var t=0; t < node.template.length; t++) {
+                                        if (node.template[t] === '') {
                                             ou += node.sep;
                                         }
                                         else {
-                                            var p = RED.util.ensureString(RED.util.getMessageProperty(msg,"payload["+s+"]['"+template[t]+"']"));
+                                            var p = RED.util.ensureString(RED.util.getMessageProperty(msg,"payload["+s+"]['"+node.template[t]+"']"));
                                             /* istanbul ignore else */
                                             if (p === "undefined") { p = ""; }
                                             if (p.indexOf(node.quo) !== -1) { // add double quotes if any quotes
@@ -148,7 +144,7 @@ module.exports = function(RED) {
                             }
                         }
                         msg.payload = ou;
-                        msg.columns = template.join(',');
+                        msg.columns = node.template.join(',');
                         if (msg.payload !== '') { node.send(msg); }
                     }
                     catch(e) { node.error(e,msg); }

packages/node_modules/@node-red/nodes/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@node-red/nodes",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "license": "Apache-2.0",
     "repository": {
         "type": "git",

packages/node_modules/@node-red/registry/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@node-red/registry",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "license": "Apache-2.0",
     "main": "./lib/index.js",
     "repository": {
@@ -16,7 +16,7 @@
         }
     ],
     "dependencies": {
-        "@node-red/util": "1.2.8",
+        "@node-red/util": "1.2.9",
         "semver": "6.3.0",
         "tar": "6.0.5",
         "uglify-js": "3.12.4",

packages/node_modules/@node-red/runtime/lib/api/nodes.js

@@ -99,7 +99,7 @@ var api = module.exports = {
         return new Promise(function(resolve,reject) {
             var id = opts.id;
             var lang = opts.lang;
-            if (/[^a-z\-\*]/i.test(opts.lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
                 reject(new Error("Invalid language: "+opts.lang));
                 return
             }
@@ -128,7 +128,7 @@ var api = module.exports = {
     getNodeConfigs: function(opts) {
         return new Promise(function(resolve,reject) {
             runtime.log.audit({event: "nodes.configs.get"}, opts.req);
-            if (/[^a-z\-\*]/i.test(opts.lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(opts.lang)) {
                 reject(new Error("Invalid language: "+opts.lang));
                 return
             }
@@ -406,7 +406,7 @@ var api = module.exports = {
             var namespace = opts.module;
             var lang = opts.lang;
             var prevLang = runtime.i18n.i.language;
-            if (/[^a-z\-\*]/i.test(lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(lang)) {
                 reject(new Error("Invalid language: "+lang));
                 return
             }
@@ -439,7 +439,7 @@ var api = module.exports = {
         return new Promise(function(resolve,reject) {
             var namespace = opts.module;
             var lang = opts.lang;
-            if (/[^a-z\-\*]/i.test(lang)) {
+            if (/[^0-9a-z=\-\*]/i.test(lang)) {
                 reject(new Error("Invalid language: "+lang));
                 return
             }

packages/node_modules/@node-red/runtime/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@node-red/runtime",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "license": "Apache-2.0",
     "main": "./lib/index.js",
     "repository": {
@@ -16,8 +16,8 @@
         }
     ],
     "dependencies": {
-        "@node-red/registry": "1.2.8",
-        "@node-red/util": "1.2.8",
+        "@node-red/registry": "1.2.9",
+        "@node-red/util": "1.2.9",
         "async-mutex": "0.2.6",
         "clone": "2.1.2",
         "express": "4.17.1",

packages/node_modules/@node-red/util/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@node-red/util",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "license": "Apache-2.0",
     "repository": {
         "type": "git",

packages/node_modules/node-red/package.json

@@ -1,6 +1,6 @@
 {
     "name": "node-red",
-    "version": "1.2.8",
+    "version": "1.2.9",
     "description": "Low-code programming for event-driven applications",
     "homepage": "http://nodered.org",
     "license": "Apache-2.0",
@@ -31,10 +31,10 @@
         "flow"
     ],
     "dependencies": {
-        "@node-red/editor-api": "1.2.8",
-        "@node-red/runtime": "1.2.8",
-        "@node-red/util": "1.2.8",
-        "@node-red/nodes": "1.2.8",
+        "@node-red/editor-api": "1.2.9",
+        "@node-red/runtime": "1.2.9",
+        "@node-red/util": "1.2.9",
+        "@node-red/nodes": "1.2.9",
         "basic-auth": "2.0.1",
         "bcryptjs": "2.4.3",
         "express": "4.17.1",

test/nodes/core/parsers/70-CSV_spec.js

@@ -680,24 +680,6 @@ describe('CSV node', function() {
             });
         });
 
-        it('should be able to include column names as first row, and missing properties', function(done) {
-            var flow = [ { id:"n1", type:"csv", hdrout:true, ret:"\r\n", wires:[["n2"]] },
-                {id:"n2", type:"helper"} ];
-            helper.load(csvNode, flow, function() {
-                var n1 = helper.getNode("n1");
-                var n2 = helper.getNode("n2");
-                n2.on("input", function(msg) {
-                    try {
-                        msg.should.have.property('payload', 'col1,col2,col3,col4\r\nH1,H2,H3,H4\r\nA,B,,\r\nA,,C,\r\nA,,,D\r\n');
-                        done();
-                    }
-                    catch(e) { done(e); }
-                });
-                var testJson = [{"col1":"H1","col2":"H2","col3":"H3","col4":"H4"},{"col1":"A","col2":"B"},{"col1":"A","col3":"C"},{"col1":"A","col4":"D"}];
-                n1.emit("input", {payload:testJson});
-            });
-        });
-
         it('should be able to pass in column names', function(done) {
             var flow = [ { id:"n1", type:"csv", temp:"", hdrout:"once", ret:"\r\n", wires:[["n2"]] },
                 {id:"n2", type:"helper"} ];
@@ -719,27 +701,9 @@ describe('CSV node', function() {
                     catch(e) { done(e); }
                 });
                 var testJson = [{ d: 1, b: 3, c: 2, a: 4 }];
-                n1.emit("input", {payload:testJson, columns:"a,,b,a", parts:{index:0}});
-                n1.emit("input", {payload:testJson, parts:{index:1}});
-                n1.emit("input", {payload:testJson, parts:{index:2}});
-            });
-        });
-
-        it('should be able to pass in column names - with payload as an array', function(done) {
-            var flow = [ { id:"n1", type:"csv", hdrout:"once", ret:"\r\n", wires:[["n2"]] },
-                {id:"n2", type:"helper"} ];
-            helper.load(csvNode, flow, function() {
-                var n1 = helper.getNode("n1");
-                var n2 = helper.getNode("n2");
-                n2.on("input", function(msg) {
-                    try {
-                        msg.should.have.property('payload', 'a,,b,a\r\n4,,3,4\r\n4,,3,4\r\n4,,3,4\r\n');
-                        done()
-                    }
-                    catch(e) { done(e); }
-                });
-                var testJson = { d: 1, b: 3, c: 2, a: 4 };
-                n1.emit("input", {payload:[testJson,testJson,testJson], columns:"a,,b,a"});
+                n1.emit("input", {payload:testJson, columns:"a,,b,a"});
+                n1.emit("input", {payload:testJson});
+                n1.emit("input", {payload:testJson});
             });
         });