From b321185248a60c6dd29c18d3e76abd4fd71d714a Mon Sep 17 00:00:00 2001 From: Liang Ding Date: Thu, 2 Feb 2023 11:06:10 +0800 Subject: [PATCH 1/2] =?UTF-8?q?:art:=20=E6=94=AF=E6=8C=81=E6=89=B9?= =?UTF-8?q?=E9=87=8F=E7=A7=BB=E5=8A=A8=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- API.md | 12 +++++------- API_zh_CN.md | 8 +++----- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/API.md b/API.md index 256091d82..022db8894 100644 --- a/API.md +++ b/API.md @@ -16,7 +16,7 @@ * [Create a document with Markdown](#Create-a-document-with-Markdown) * [Rename a document](#Rename-a-document) * [Remove a document](#Remove-a-document) - * [Move a document](#Move-a-document) + * [Move documents](#Move-documents) * [Get human-readable path based on path](#Get-human-readable-path-based-on-path) * [Get human-readable path based on ID](#Get-human-readable-path-based-on-ID) * [Assets](#Assets) @@ -378,22 +378,20 @@ View API token in Settings - About, request header: `Authorization: T } ``` -### Move a document +### Move documents -* `/api/filetree/moveDoc` +* `/api/filetree/moveDocs` * Parameters ```json { - "fromNotebook": "20210831090520-7dvbdv0", - "fromPath": "/20210917220056-yxtyl7i.sy", + "fromPaths": ["/20210917220056-yxtyl7i.sy"], "toNotebook": "20210817205410-2kvfpfn", "toPath": "/" } ``` - * `fromNotebook`: Source notebook ID - * `fromPath`: Source path + * `fromPaths`: Source paths * `toNotebook`: Target notebook ID * `toPath`: Target path * Return value diff --git a/API_zh_CN.md b/API_zh_CN.md index 61ccf9a2e..93c83d82b 100644 --- a/API_zh_CN.md +++ b/API_zh_CN.md 
@@ -377,20 +377,18 @@ ### 移动文档 -* `/api/filetree/moveDoc` +* `/api/filetree/moveDocs` * 参数 ```json { - "fromNotebook": "20210831090520-7dvbdv0", - "fromPath": "/20210917220056-yxtyl7i.sy", + "fromPaths": ["/20210917220056-yxtyl7i.sy"], "toNotebook": "20210817205410-2kvfpfn", "toPath": "/" } ``` - * `fromNotebook`:源笔记本 ID - * `fromPath`:源路径 + * `fromPaths`:源路径 * `toNotebook`:目标笔记本 ID * `toPath`:目标路径 * 返回值 From f37678a98b25103170262aadcce533ca0383c5bc Mon Sep 17 00:00:00 2001 From: Liang Ding Date: Thu, 2 Feb 2023 11:06:29 +0800 Subject: [PATCH 2/2] =?UTF-8?q?:art:=20=E5=86=85=E6=A0=B8=20API=20?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C=20ID=20=E6=A0=BC=E5=BC=8F=20Fix=20https://gi?= =?UTF-8?q?thub.com/siyuan-note/siyuan/issues/7228?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kernel/api/attr.go | 8 ++++++++ kernel/api/block.go | 4 ++++ kernel/api/block_op.go | 21 +++++++++++++++++++++ kernel/api/export.go | 4 ++++ kernel/api/filetree.go | 23 +++++++++++++++++++++++ kernel/api/notebook.go | 23 +++++++++++++++++++++++ kernel/api/template.go | 4 ++++ kernel/util/net.go | 11 +++++++++++ 8 files changed, 98 insertions(+) diff --git a/kernel/api/attr.go b/kernel/api/attr.go index bc91a3e8c..d9339ca30 100644 --- a/kernel/api/attr.go +++ b/kernel/api/attr.go @@ -43,6 +43,10 @@ func getBlockAttrs(c *gin.Context) { } id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } + ret.Data = model.GetBlockAttrs(id) } @@ -56,6 +60,10 @@ func setBlockAttrs(c *gin.Context) { } id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } + attrs := arg["attrs"].(map[string]interface{}) if 1 == len(attrs) && "" != attrs["scroll"] { // 不记录用户指南滚动位置 diff --git a/kernel/api/block.go b/kernel/api/block.go index ccfcc5644..13269d5dd 100644 --- a/kernel/api/block.go +++ b/kernel/api/block.go 
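Review bot: In getBlockAttrs (kernel/api/attr.go) the new check runs only after `id := arg["id"].(string)`, and that single-value assertion panics when `id` is absent or not a JSON string, so such a request never reaches `util.InvalidIDPattern`. The same ordering appears in setBlockAttrs and in the block.go, block_op.go, export.go, filetree.go, notebook.go and template.go hunks of this patch. The two-value form, `id, _ := arg["id"].(string)`, yields an empty string instead of a panic, which the pattern check should then reject with the normal error result (assuming `ast.IsNodeIDPattern` rejects empty input). The handler bodies start and end outside the hunks, so whether a recovery middleware already absorbs the panic is not visible here.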
@@ -471,6 +471,10 @@ func getBlockKramdown(c *gin.Context) { } id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } + kramdown := model.GetBlockKramdown(id) ret.Data = map[string]string{ "id": id, diff --git a/kernel/api/block_op.go b/kernel/api/block_op.go index b0d664648..5289a0bac 100644 --- a/kernel/api/block_op.go +++ b/kernel/api/block_op.go @@ -40,6 +40,9 @@ func appendBlock(c *gin.Context) { data := arg["data"].(string) dataType := arg["dataType"].(string) parentID := arg["parentID"].(string) + if util.InvalidIDPattern(parentID, ret) { + return + } if "markdown" == dataType { luteEngine := model.NewLute() data = dataBlockDOM(data, luteEngine) @@ -82,6 +85,9 @@ func prependBlock(c *gin.Context) { data := arg["data"].(string) dataType := arg["dataType"].(string) parentID := arg["parentID"].(string) + if util.InvalidIDPattern(parentID, ret) { + return + } if "markdown" == dataType { luteEngine := model.NewLute() data = dataBlockDOM(data, luteEngine) @@ -126,12 +132,21 @@ func insertBlock(c *gin.Context) { var parentID, previousID, nextID string if nil != arg["parentID"] { parentID = arg["parentID"].(string) + if util.InvalidIDPattern(parentID, ret) { + return + } } if nil != arg["previousID"] { previousID = arg["previousID"].(string) + if util.InvalidIDPattern(previousID, ret) { + return + } } if nil != arg["nextID"] { nextID = arg["nextID"].(string) + if util.InvalidIDPattern(nextID, ret) { + return + } } if "markdown" == dataType { @@ -178,6 +193,9 @@ func updateBlock(c *gin.Context) { data := arg["data"].(string) dataType := arg["dataType"].(string) id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } luteEngine := model.NewLute() if "markdown" == dataType { @@ -264,6 +282,9 @@ func deleteBlock(c *gin.Context) { } id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } transactions := []*model.Transaction{ { 
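Review bot: In insertBlock (kernel/api/block_op.go) each anchor is validated whenever its key is non-nil, so a client that sends an empty string for an anchor it does not use, such as `"parentID": ""`, is presumably now rejected, while a request that omits all three keys passes with no ID checked at all. Consider skipping empty values, `if "" != previousID && util.InvalidIDPattern(previousID, ret) { return }`, and returning an error when parentID, previousID and nextID are all empty. The function body continues past the hunk, so a later emptiness check may already exist.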
diff --git a/kernel/api/export.go b/kernel/api/export.go index 8b6a5b283..1985d5eef 100644 --- a/kernel/api/export.go +++ b/kernel/api/export.go @@ -165,6 +165,10 @@ func exportMdContent(c *gin.Context) { } id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } + hPath, content := model.ExportMarkdownContent(id) ret.Data = map[string]interface{}{ "hPath": hPath, diff --git a/kernel/api/filetree.go b/kernel/api/filetree.go index 506730262..ebb9cdd10 100644 --- a/kernel/api/filetree.go +++ b/kernel/api/filetree.go @@ -163,6 +163,10 @@ func getHPathByPath(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + p := arg["path"].(string) hPath, err := model.GetHPathByPath(notebook, p) @@ -207,6 +211,10 @@ func getHPathByID(c *gin.Context) { } id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } + hPath, err := model.GetHPathByID(id) if nil != err { ret.Code = -1 @@ -254,6 +262,9 @@ func moveDocs(c *gin.Context) { } toPath := arg["toPath"].(string) toNotebook := arg["toNotebook"].(string) + if util.InvalidIDPattern(toNotebook, ret) { + return + } err := model.MoveDocs(fromPaths, toNotebook, toPath) if nil != err { @@ -274,6 +285,10 @@ func removeDoc(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + p := arg["path"].(string) model.RemoveDoc(notebook, p) } @@ -305,6 +320,10 @@ func renameDoc(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + p := arg["path"].(string) title := arg["title"].(string) @@ -447,6 +466,10 @@ func createDocWithMd(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + hPath := arg["path"].(string) markdown := arg["markdown"].(string) diff --git a/kernel/api/notebook.go b/kernel/api/notebook.go index 8e8f8e1cf..ddbea5059 100644 --- a/kernel/api/notebook.go 
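Review bot: The filetree.go hunks validate only the notebook ID; the caller-supplied `p := arg["path"].(string)` in getHPathByPath, removeDoc and renameDoc, and `fromPaths` and `toPath` in moveDocs, still reach the model layer without any check in the handler, and renderTemplate in template.go does the same with its `path`. These values select the file that is read, renamed, moved or deleted, so they need at least the scrutiny the ID now gets. If the model functions already confine the path to the notebook directory, a comment at the call site such as `// path is confined to the notebook directory by model.RemoveDoc` would record that; if they do not, the handler should reject paths that are not clean, notebook-relative `.sy` paths. The model code is outside this patch, so this is a question for the author rather than a confirmed gap.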
+++ b/kernel/api/notebook.go @@ -67,6 +67,10 @@ func renameNotebook(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + name := arg["name"].(string) err := model.RenameBox(notebook, name) if nil != err { @@ -94,6 +98,10 @@ func removeNotebook(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + err := model.RemoveBox(notebook) if nil != err { ret.Code = -1 @@ -155,6 +163,10 @@ func openNotebook(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + msgId := util.PushMsg(model.Conf.Language(45), 1000*60*15) defer util.PushClearMsg(msgId) existed, err := model.Mount(notebook) @@ -183,6 +195,9 @@ func closeNotebook(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } model.Unmount(notebook) } @@ -196,6 +211,10 @@ func getNotebookConf(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + box := model.Conf.Box(notebook) ret.Data = map[string]interface{}{ "box": box.ID, @@ -214,6 +233,10 @@ func setNotebookConf(c *gin.Context) { } notebook := arg["notebook"].(string) + if util.InvalidIDPattern(notebook, ret) { + return + } + box := model.Conf.Box(notebook) param, err := gulu.JSON.MarshalJSON(arg["conf"]) diff --git a/kernel/api/template.go b/kernel/api/template.go index 5bf5c88b9..61df474c9 100644 --- a/kernel/api/template.go +++ b/kernel/api/template.go @@ -56,6 +56,10 @@ func renderTemplate(c *gin.Context) { p := arg["path"].(string) id := arg["id"].(string) + if util.InvalidIDPattern(id, ret) { + return + } + content, err := model.RenderTemplate(p, id) if nil != err { ret.Code = -1 diff --git a/kernel/util/net.go b/kernel/util/net.go index 3cf013cec..5d7b8900e 100644 --- a/kernel/util/net.go +++ b/kernel/util/net.go 
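Review bot: In getNotebookConf and setNotebookConf (kernel/api/notebook.go) a well-formed ID for a notebook that does not exist passes the new check, and the result of `box := model.Conf.Box(notebook)` is then used without a nil test (`box.ID` is visible in getNotebookConf). If Box can return nil for an unknown notebook, the handler panics; a guard after the lookup such as `if nil == box { ret.Code = -1; ret.Msg = "notebook not found"; return }` would turn that into a normal error result. Box's behaviour is not visible in this patch, and both function bodies extend beyond the hunks.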
@@ -17,6 +17,7 @@ package util import ( + "github.com/88250/lute/ast" "github.com/imroc/req/v3" "github.com/siyuan-note/httpclient" "net/http" @@ -65,6 +66,16 @@ func JsonArg(c *gin.Context, result *gulu.Result) (arg map[string]interface{}, o return } +func InvalidIDPattern(idArg string, result *gulu.Result) bool { + if ast.IsNodeIDPattern(idArg) { + return false + } + + result.Code = -1 + result.Msg = "invalid ID argument" + return true +} + func initHttpClient() { http.DefaultClient = httpclient.GetCloudFileClient2Min() http.DefaultTransport = httpclient.NewTransport(false)
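Review bot: InvalidIDPattern in kernel/util/net.go is exported without a doc comment, and its contract is easy to misuse: it returns true on failure and fills in result as a side effect, so a handler that forgets the `return` after it continues with an unvalidated ID. Suggested comment: `// InvalidIDPattern reports whether idArg is not a well-formed node ID. On failure it sets result.Code to -1 and result.Msg to an error message; the caller must return immediately.` The validator also lives in net.go next to the HTTP client setup, so a file that holds argument validation would make it easier to find when new handlers are added.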