1
0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-11-27 03:57:21 +00:00

always test ext in tiddler title and remove it (#5329)

* always test ext in tiddler title and remove it

* patch custom ext length vulernability
This commit is contained in:
Joshua Fontany 2021-01-03 03:50:14 -08:00 committed by GitHub
parent e96a54c753
commit 03626bc142
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -342,10 +342,6 @@ exports.generateTiddlerFilepath = function(title,options) {
filepath = originalpath.substring(0,originalpath.length - ext.length); filepath = originalpath.substring(0,originalpath.length - ext.length);
} else if(!filepath) { } else if(!filepath) {
filepath = title; filepath = title;
// If the filepath already ends in the extension then remove it
if(filepath.substring(filepath.length - extension.length) === extension) {
filepath = filepath.substring(0,filepath.length - extension.length);
}
// Remove any forward or backward slashes so we don't create directories // Remove any forward or backward slashes so we don't create directories
filepath = filepath.replace(/\/|\\/g,"_"); filepath = filepath.replace(/\/|\\/g,"_");
} }
@ -354,12 +350,20 @@ exports.generateTiddlerFilepath = function(title,options) {
// Don't let the filename start with any dots because such files are invisible on *nix // Don't let the filename start with any dots because such files are invisible on *nix
filepath = filepath.replace(/^\.+/g,"_"); filepath = filepath.replace(/^\.+/g,"_");
} }
// If the filepath already ends in the extension then remove it
if(filepath.substring(filepath.length - extension.length) === extension) {
filepath = filepath.substring(0,filepath.length - extension.length);
}
// Remove any characters that can't be used in cross-platform filenames // Remove any characters that can't be used in cross-platform filenames
filepath = $tw.utils.transliterate(filepath.replace(/<|>|~|\:|\"|\||\?|\*|\^/g,"_")); filepath = $tw.utils.transliterate(filepath.replace(/<|>|~|\:|\"|\||\?|\*|\^/g,"_"));
// Truncate the filename if it is too long // Truncate the filename if it is too long
if(filepath.length > 200) { if(filepath.length > 200) {
filepath = filepath.substr(0,200); filepath = filepath.substr(0,200);
} }
// Truncate the extension if it is too long
if(extension.length > 32) {
extension = extension.substr(0,32);
}
// If the resulting filename is blank (eg because the title is just punctuation characters) // If the resulting filename is blank (eg because the title is just punctuation characters)
if(!filepath) { if(!filepath) {
// ...then just use the character codes of the title // ...then just use the character codes of the title