🛡️ fix: Minor Vulnerabilities (#4543)

* fix: ReDoS in ChatGPT Import * ci: should correctly process citations from real ChatGPT data * ci: Add ReDoS vulnerability test for processAssistantMessage * refactor: Update thread management and citation handling * refactor(validateImageRequest): robust validation * refactor(Prompt.js): update name search regex to escape special characters * refactor(Preset): exclude user from preset update to prevent mass assignment * refactor(files.js): Improve file deletion process * ci: updated validateImageRequest.spec.js * a11y: plugin pagination * refactor(CreatePromptForm.tsx): Improve input field styling * chore(Prompts): typing and accessibility * fix: prompt creation access role check * chore: remove duplicate jsdocs
2025-12-16 16:30:15 +01:00 · 2024-10-24 15:50:48 -04:00 · 2024-10-24 15:50:48 -04:00 · 3f3b5929e9
commit 3f3b5929e9
parent 094a40dbb0
15 changed files with 698 additions and 53 deletions
--- a/api/server/services/Threads/manage.js
+++ b/api/server/services/Threads/manage.js
@ -8,9 +8,9 @@ const {
 } = require('librechat-data-provider');
 const { retrieveAndProcessFile } = require('~/server/services/Files/process');
 const { recordMessage, getMessages } = require('~/models/Message');
+const { countTokens, escapeRegExp } = require('~/server/utils');
 const { spendTokens } = require('~/models/spendTokens');
 const { saveConvo } = require('~/models/Conversation');
-const { countTokens } = require('~/server/utils');

 /**
 * Initializes a new thread or adds messages to an existing thread.
@ -518,14 +518,6 @@ const recordUsage = async ({
 const uniqueCitationStart = '^====||===';
 const uniqueCitationEnd = '==|||||^';

-/** Helper function to escape special characters in regex
- * @param {string} string - The string to escape.
- * @returns {string} The escaped string.
- */
-function escapeRegExp(string) {
-  return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-}
-
 /**
 * Sorts, processes, and flattens messages to a single string.
 *