From cc2239f9693bd3ba7e8f108084d7437e2cda2459 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Sun, 20 Apr 2025 10:53:16 +0800
Subject: [PATCH 1/4] :technologist: Improve kernel API `/api/file/putFile` parameter validation https://github.com/siyuan-note/siyuan/issues/14658
---
 kernel/api/file.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/kernel/api/file.go b/kernel/api/file.go
index 78d37064d..ad9c4bfd5 100644
--- a/kernel/api/file.go
+++ b/kernel/api/file.go
@@ -380,6 +380,12 @@ func putFile(c *gin.Context) {
 return
 }
+ if !isValidFileName(fileAbsPath) { // Improve kernel API `/api/file/putFile` parameter validation https://github.com/siyuan-note/siyuan/issues/14658
+ ret.Code = http.StatusBadRequest
+ ret.Msg = "invalid file path, please check https://github.com/siyuan-note/siyuan/issues/14658 for more details"
+ return
+ }
+
 isDirStr := c.PostForm("isDir")
 isDir, _ := strconv.ParseBool(isDirStr)
@@ -459,3 +465,8 @@ func millisecond2Time(t int64) time.Time {
 msec := t % 1000
 return time.Unix(sec, msec*int64(time.Millisecond))
 }
+
+func isValidFileName(p string) bool {
+ name := filepath.Base(p)
+ return name == util.FilterUploadFileName(name)
+}
From 867ca31fc95970debbc204f7b4f081c05de9b6e8 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Sun, 20 Apr 2025 11:11:07 +0800
Subject: [PATCH 2/4] :recycle: Upgrade to Electron v34.5.2 https://github.com/siyuan-note/siyuan/issues/14660
---
 .github/CONTRIBUTING.md | 6 +++---
 .github/CONTRIBUTING_zh_CN.md | 6 +++---
 app/package.json | 2 +-
 app/pnpm-lock.yaml | 16 ++++++++--------
 4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index 6d9897dee..84def433b 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
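Review bot: The trailing comment on the new `if !isValidFileName(fileAbsPath) {` line in putFile repeats the commit subject and issue URL instead of saying what is rejected, and `ret.Msg` likewise only sends the client to a GitHub issue. A comment above the check such as `// Reject paths whose final element util.FilterUploadFileName would rewrite.` states the rule where a maintainer will look for it. Naming the rule in the message, and logging the rejected path in quoted form, would also help operators tell a misbehaving client from deliberate probing of the endpoint. putFile begins and ends outside this hunk, so any logging that already happens earlier in the handler is not visible here.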
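Review bot: `isValidFileName` runs only `filepath.Base(p)` through `util.FilterUploadFileName`, so the directory components of `fileAbsPath` are never compared against the filter. If the filter exists to keep certain characters out of names that are later displayed or resolved, the same rule presumably has to hold for every element below the workspace root; the part of putFile that creates parent directories is outside the hunk, so this is inferred rather than shown. The equality test also turns any normalisation the filter performs (trimming or length limits, if it does those) into a hard 400, which may reject names that existing API clients already use. At minimum the helper should state its scope, e.g. `// isValidFileName reports whether the last element of p is left unchanged by util.FilterUploadFileName; parent directories are not checked.`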
@@ -14,10 +14,10 @@ Install pnpm: `npm install -g pnpm@10.8.0` Set the Electron mirror environment variable and install Electron: -* macOS/Linux: `ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.0 -D` +* macOS/Linux: `ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.2 -D` * Windows: * `SET ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/` - * `pnpm install electron@v34.5.0 -D` + * `pnpm install electron@v34.5.2 -D` NPM mirror: @@ -27,7 +27,7 @@ NPM mirror: On the desktop, go to the app folder to run: -* `pnpm install electron@v34.5.0-D` +* `pnpm install electron@v34.5.2-D` * `pnpm run dev` * `pnpm run start` diff --git a/.github/CONTRIBUTING_zh_CN.md b/.github/CONTRIBUTING_zh_CN.md index d3eb612ad..10b178369 100644 --- a/.github/CONTRIBUTING_zh_CN.md +++ b/.github/CONTRIBUTING_zh_CN.md @@ -14,10 +14,10 @@ 设置 Electron 镜像环境变量并安装 Electron: -* macOS/Linux:`ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.0 -D` +* macOS/Linux:`ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.2 -D` * Windows: * `SET ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/` - * `pnpm install electron@v34.5.0 -D` + * `pnpm install electron@v34.5.2 -D` NPM 镜像: @@ -27,7 +27,7 @@ NPM 镜像: 桌面端进入 app 文件夹运行: -* `pnpm install electron@v34.5.0-D` +* `pnpm install electron@v34.5.2-D` * `pnpm run dev` * `pnpm run start` diff --git a/app/package.json b/app/package.json index bdd1078cd..7e87feec6 100644 --- a/app/package.json +++ b/app/package.json @@ -58,7 +58,7 @@ "clean-webpack-plugin": "^4.0.0", "css-loader": "^6.7.1", "dayjs": "^1.11.5", - "electron": "34.5.0", + "electron": "34.5.2", "electron-builder": "26.0.11", "encoding": "^0.1.13", "esbuild-loader": "^3.0.1", diff --git a/app/pnpm-lock.yaml b/app/pnpm-lock.yaml index fc4a27837..8b350dd6e 100644 --- a/app/pnpm-lock.yaml +++ b/app/pnpm-lock.yaml 
@@ -10,7 +10,7 @@ importers: dependencies: '@electron/remote': specifier: ^2.1.2 - version: 2.1.2(electron@34.5.0) + version: 2.1.2(electron@34.5.2) devDependencies: '@eslint/eslintrc': specifier: ^3.3.1 @@ -40,8 +40,8 @@ importers: specifier: ^1.11.5 version: 1.11.13 electron: - specifier: 34.5.0 - version: 34.5.0 + specifier: 34.5.2 + version: 34.5.2 electron-builder: specifier: 26.0.11 version: 26.0.11(electron-builder-squirrel-windows@26.0.11) @@ -1184,8 +1184,8 @@ packages: resolution: {integrity: sha512-bO3y10YikuUwUuDUQRM4KfwNkKhnpVO7IPdbsrejwN9/AABJzzTQ4GeHwyzNSrVO+tEH3/Np255a3sVZpZDjvg==} engines: {node: '>=8.0.0'} - electron@34.5.0: - resolution: {integrity: sha512-GabFMG7r2P1NQf5DYp6mnCXo5CcatxXb8YQo54VTStql6weeEv7tsqvl3lAssGwDdd4iMc8QpTCFjErBSVRWeQ==} + electron@34.5.2: + resolution: {integrity: sha512-Xt5dJl+iBGo5atrfd4Jusc2tk6oD+dId3Kqj59tzxlqJgHRK2mRtLwAhT5OyxLx1RJGEv1yQHvUrzkzjNTp0ug==} engines: {node: '>= 12.20.55'} hasBin: true @@ -2851,9 +2851,9 @@ snapshots: - bluebird - supports-color - '@electron/remote@2.1.2(electron@34.5.0)': + '@electron/remote@2.1.2(electron@34.5.2)': dependencies: - electron: 34.5.0 + electron: 34.5.2 '@electron/universal@2.0.1': dependencies: @@ -3977,7 +3977,7 @@ snapshots: transitivePeerDependencies: - supports-color - electron@34.5.0: + electron@34.5.2: dependencies: '@electron/get': 2.0.3 '@types/node': 20.17.30 From 0f85910bc7df8ddc4b8facaa4cb9cc6570d68bd6 Mon Sep 17 00:00:00 2001 From: Daniel <845765@qq.com> Date: Sun, 20 Apr 2025 11:11:12 +0800 Subject: [PATCH 3/4] :recycle: Upgrade to Electron v34.5.2 https://github.com/siyuan-note/siyuan/issues/14660 --- app/pnpm-workspace.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 app/pnpm-workspace.yaml diff --git a/app/pnpm-workspace.yaml b/app/pnpm-workspace.yaml new file mode 100644 index 000000000..29abe3b48 --- /dev/null +++ b/app/pnpm-workspace.yaml @@ -0,0 +1,2 @@ +onlyBuiltDependencies: + - electron 
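Review bot: The new `app/pnpm-workspace.yaml` allowlists `electron` under `onlyBuiltDependencies` without saying why, and this list decides which dependencies may run install-time scripts on developer and CI machines. A leading comment such as `# electron's install script fetches the platform binary; keep this list minimal and review every addition` would record the intent. Nothing else in this patch series explains the file, so later additions are likely to be made without that context.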
From c41c8c4fc251a484837633ee611145ca694a5be6 Mon Sep 17 00:00:00 2001 From: Daniel <845765@qq.com> Date: Sun, 20 Apr 2025 11:12:45 +0800 Subject: [PATCH 4/4] :recycle: Upgrade to Electron v34.5.2 https://github.com/siyuan-note/siyuan/issues/14660 --- app/package.json | 2 +- app/pnpm-lock.yaml | 80 ++++++++++++++++++++++++++++++++++++---------- 2 files changed, 65 insertions(+), 17 deletions(-) diff --git a/app/package.json b/app/package.json index 7e87feec6..78b07a088 100644 --- a/app/package.json +++ b/app/package.json @@ -59,7 +59,7 @@ "css-loader": "^6.7.1", "dayjs": "^1.11.5", "electron": "34.5.2", - "electron-builder": "26.0.11", + "electron-builder": "26.0.12", "encoding": "^0.1.13", "esbuild-loader": "^3.0.1", "eslint": "^9.15.0", diff --git a/app/pnpm-lock.yaml b/app/pnpm-lock.yaml index 8b350dd6e..239708196 100644 --- a/app/pnpm-lock.yaml +++ b/app/pnpm-lock.yaml @@ -43,8 +43,8 @@ importers: specifier: 34.5.2 version: 34.5.2 electron-builder: - specifier: 26.0.11 - version: 26.0.11(electron-builder-squirrel-windows@26.0.11) + specifier: 26.0.12 + version: 26.0.12(electron-builder-squirrel-windows@26.0.11) encoding: specifier: ^0.1.13 version: 0.1.13 @@ -791,6 +791,13 @@ packages: dmg-builder: 26.0.11 electron-builder-squirrel-windows: 26.0.11 + app-builder-lib@26.0.12: + resolution: {integrity: sha512-+/CEPH1fVKf6HowBUs6LcAIoRcjeqgvAeoSE+cl7Y7LndyQ9ViGPYibNk7wmhMHzNgHIuIbw4nWADPO+4mjgWw==} + engines: {node: '>=14.0.0'} + peerDependencies: + dmg-builder: 26.0.12 + electron-builder-squirrel-windows: 26.0.12 + argparse@2.0.1: resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} 
@@ -1115,8 +1122,8 @@ packages: dir-compare@4.2.0: resolution: {integrity: sha512-2xMCmOoMrdQIPHdsTawECdNPwlVFB9zGcz3kuhmBO6U3oU+UQjsue0i8ayLKpgBcm+hcXPMVSGUN9d+pvJ6+VQ==} - dmg-builder@26.0.11: - resolution: {integrity: sha512-C+SaRneQ11OxG99EeGp3TvPrlkW9ZaiukxB9Z7+OhhO1ge0nAtq9uD0ILt1JpvNAQ1de3gzX7TFRYJrSGsNe+Q==} + dmg-builder@26.0.12: + resolution: {integrity: sha512-59CAAjAhTaIMCN8y9kD573vDkxbs1uhDcrFLHSgutYdPcGOU35Rf95725snvzEOy4BFB7+eLJ8djCNPmGwG67w==} dmg-license@1.0.11: resolution: {integrity: sha512-ZdzmqwKmECOWJpqefloC5OJy1+WZBBse5+MR88z9g9Zn4VY+WYUkAyojmhzJckH5YbbZGcYIuGAkY5/Ys5OM2Q==} @@ -1169,8 +1176,8 @@ packages: electron-builder-squirrel-windows@26.0.11: resolution: {integrity: sha512-LM3VDospLXCY6leWPhoJngDlP2GGOPzje/qZbCwX5g9ZeuYhcsVfm5NDDrjS3H6yC4PzHI9U2mnhJxc3bpIMGw==} - electron-builder@26.0.11: - resolution: {integrity: sha512-u7Qgge5ue5oOPDbZEseor7RjxKSYAekVflHkbNIY6te1kbtShQFqESq3FZakMBsQf/3SkEycvWhHHRb8zjqBqg==} + electron-builder@26.0.12: + resolution: {integrity: sha512-cD1kz5g2sgPTMFHjLxfMjUK5JABq3//J4jPswi93tOPFz6btzXYtK5NrDt717NRbukCUDOrrvmYVOWERlqoiXA==} engines: {node: '>=14.0.0'} hasBin: true @@ -3463,7 +3470,7 @@ snapshots: app-builder-bin@5.0.0-alpha.12: {} - app-builder-lib@26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11): + app-builder-lib@26.0.11(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11): dependencies: '@develar/schema-utils': 2.6.5 '@electron/asar': 3.2.18 
@@ -3480,11 +3487,52 @@ snapshots: chromium-pickle-js: 0.2.0 config-file-ts: 0.2.8-rc1 debug: 4.4.0 - dmg-builder: 26.0.11(electron-builder-squirrel-windows@26.0.11) + dmg-builder: 26.0.12(electron-builder-squirrel-windows@26.0.11) dotenv: 16.5.0 dotenv-expand: 11.0.7 ejs: 3.1.10 - electron-builder-squirrel-windows: 26.0.11(dmg-builder@26.0.11) + electron-builder-squirrel-windows: 26.0.11(dmg-builder@26.0.12) + electron-publish: 26.0.11 + fs-extra: 10.1.0 + hosted-git-info: 4.1.0 + is-ci: 3.0.1 + isbinaryfile: 5.0.4 + js-yaml: 4.1.0 + json5: 2.2.3 + lazy-val: 1.0.5 + minimatch: 10.0.1 + plist: 3.1.0 + resedit: 1.7.2 + semver: 7.7.1 + tar: 6.2.1 + temp-file: 3.4.0 + tiny-async-pool: 1.3.0 + transitivePeerDependencies: + - bluebird + - supports-color + + app-builder-lib@26.0.12(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11): + dependencies: + '@develar/schema-utils': 2.6.5 + '@electron/asar': 3.2.18 + '@electron/fuses': 1.8.0 + '@electron/notarize': 2.5.0 + '@electron/osx-sign': 1.3.1 + '@electron/rebuild': 3.7.0 + '@electron/universal': 2.0.1 + '@malept/flatpak-bundler': 0.4.0 + '@types/fs-extra': 9.0.13 + async-exit-hook: 2.0.1 + builder-util: 26.0.11 + builder-util-runtime: 9.3.1 + chromium-pickle-js: 0.2.0 + config-file-ts: 0.2.8-rc1 + debug: 4.4.0 + dmg-builder: 26.0.12(electron-builder-squirrel-windows@26.0.11) + dotenv: 16.5.0 + dotenv-expand: 11.0.7 + ejs: 3.1.10 + electron-builder-squirrel-windows: 26.0.11(dmg-builder@26.0.12) electron-publish: 26.0.11 fs-extra: 10.1.0 hosted-git-info: 4.1.0 
@@ -3849,9 +3897,9 @@ snapshots: minimatch: 3.1.2 p-limit: 3.1.0 - dmg-builder@26.0.11(electron-builder-squirrel-windows@26.0.11): + dmg-builder@26.0.12(electron-builder-squirrel-windows@26.0.11): dependencies: - app-builder-lib: 26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11) + app-builder-lib: 26.0.12(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11) builder-util: 26.0.11 builder-util-runtime: 9.3.1 fs-extra: 10.1.0 @@ -3923,9 +3971,9 @@ snapshots: dependencies: jake: 10.9.2 - electron-builder-squirrel-windows@26.0.11(dmg-builder@26.0.11): + electron-builder-squirrel-windows@26.0.11(dmg-builder@26.0.12): dependencies: - app-builder-lib: 26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11) + app-builder-lib: 26.0.11(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11) builder-util: 26.0.11 electron-winstaller: 5.4.0 transitivePeerDependencies: @@ -3933,13 +3981,13 @@ snapshots: - dmg-builder - supports-color - electron-builder@26.0.11(electron-builder-squirrel-windows@26.0.11): + electron-builder@26.0.12(electron-builder-squirrel-windows@26.0.11): dependencies: - app-builder-lib: 26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11) + app-builder-lib: 26.0.12(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11) builder-util: 26.0.11 builder-util-runtime: 9.3.1 chalk: 4.1.2 - dmg-builder: 26.0.11(electron-builder-squirrel-windows@26.0.11) + dmg-builder: 26.0.12(electron-builder-squirrel-windows@26.0.11) fs-extra: 10.1.0 is-ci: 3.0.1 lazy-val: 1.0.5