verify that the uploaded modified file is temporary

zadam 2024-05-18 05:50:46 +02:00
parent 84feec2e7e
commit a2711cfb7b
2 changed files with 10 additions and 2 deletions

4
package-lock.json generated

@ -1,12 +1,12 @@
{
"name": "trilium",
"version": "0.63.3",
"version": "0.63.5",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "trilium",
"version": "0.63.3",
"version": "0.63.5",
"hasInstallScript": true,
"license": "AGPL-3.0-only",
"dependencies": {


@ -154,12 +154,16 @@ function saveAttachmentToTmpDir(req) {
return saveToTmpDir(fileName, content, 'attachments', attachment.attachmentId);
}
const createdTemporaryFiles = new Set();
function saveToTmpDir(fileName, content, entityType, entityId) {
const tmpObj = tmp.fileSync({ postfix: fileName });
fs.writeSync(tmpObj.fd, content);
fs.closeSync(tmpObj.fd);
createdTemporaryFiles.add(tmpObj.name);
log.info(`Saved temporary file ${tmpObj.name}`);
if (utils.isElectron()) {
@ -183,6 +187,10 @@ function uploadModifiedFileToNote(req) {
const noteId = req.params.noteId;
const {filePath} = req.body;
if (!createdTemporaryFiles.has(filePath)) {
throw new ValidationError(`File '${filePath}' is not a temporary file.`);
}
const note = becca.getNoteOrThrow(noteId);
log.info(`Updating note '${noteId}' with content from '${filePath}'`);
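Review bot: The new guard in `uploadModifiedFileToNote` accepts any path that `saveToTmpDir` has ever returned, whichever note or attachment it was created for, and nothing in the visible hunks removes an entry from `createdTemporaryFiles`. Since `saveToTmpDir` already receives `entityType` and `entityId`, the record could be a Map, `createdTemporaryFiles.set(tmpObj.name, { entityType, entityId });`, with the upload side also requiring the stored `entityId` to equal `noteId`. Dropping the entry when the temporary file is cleaned up would keep a stale path from staying accepted for the life of the process, and would stop the set growing without bound. The check is added to this one handler only; if the attachment flow has a counterpart that also reads `filePath` from the request body, it presumably needs the same guard. Both function bodies continue outside the hunks shown.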