Diffstat (limited to 'server/helpers/custom-validators')
-rw-r--r-- | server/helpers/custom-validators/misc.ts | 2 | ||||
-rw-r--r-- | server/helpers/custom-validators/plugins.ts | 12 |
2 files changed, 11 insertions, 3 deletions
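diff --git a/server/helpers/custom-validators/misc.ts b/server/helpers/custom-validators/misc.ts
index f72513c1c..3ef38fce1 100644
--- a/server/helpers/custom-validators/misc.ts
+++ b/server/helpers/custom-validators/misc.ts
@@ -9,7 +9,7 @@ function exists (value: any) {
 function isSafePath (p: string) {
 return exists(p) &&
 (p + '').split(sep).every(part => {
-return [ '', '.', '..' ].includes(part) === false
+return [ '..' ].includes(part) === false
 })
 }
 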
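Review bot: Dropping `''` from the rejected segments in `isSafePath` means a value that begins with the separator now passes, because splitting such a value on `sep` yields a leading empty segment; the check therefore no longer rejects absolute paths. If the intent was only to allow `./`-prefixed or trailing-separator values, keep an explicit guard ahead of the `split`, e.g. `return exists(p) && !isAbsolute(p + '') &&` with `isAbsolute` taken from Node's `path` module (presumably where `sep` already comes from). Whether an absolute value can escape the intended directory depends on how callers combine it with a base path, which is not visible on this page. A short comment on the function stating that only `..` segments are rejected would tell callers what it does not cover.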
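diff --git a/server/helpers/custom-validators/plugins.ts b/server/helpers/custom-validators/plugins.ts
index ff687dc3f..2fcdc581f 100644
--- a/server/helpers/custom-validators/plugins.ts
+++ b/server/helpers/custom-validators/plugins.ts
@@ -17,6 +17,13 @@ function isPluginNameValid (value: string) {
 validator.matches(value, /^[a-z\-]+$/)
 }
 
+function isNpmPluginNameValid (value: string) {
+return exists(value) &&
+validator.isLength(value, PLUGINS_CONSTRAINTS_FIELDS.NAME) &&
+validator.matches(value, /^[a-z\-]+$/) &&
+(value.startsWith('peertube-plugin-') || value.startsWith('peertube-theme-'))
+}
+
 function isPluginDescriptionValid (value: string) {
 return exists(value) && validator.isLength(value, PLUGINS_CONSTRAINTS_FIELDS.DESCRIPTION)
 }
@@ -55,7 +62,7 @@ function isCSSPathsValid (css: any[]) {
 }
 
 function isPackageJSONValid (packageJSON: PluginPackageJson, pluginType: PluginType) {
-return isPluginNameValid(packageJSON.name) &&
+return isNpmPluginNameValid(packageJSON.name) &&
 isPluginDescriptionValid(packageJSON.description) &&
 isPluginEngineValid(packageJSON.engine) &&
 isUrlValid(packageJSON.homepage) &&
@@ -78,5 +85,6 @@ export {
 isPluginVersionValid,
 isPluginNameValid,
 isPluginDescriptionValid,
-isLibraryCodeValid
+isLibraryCodeValid,
+isNpmPluginNameValid
 }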
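Review bot: `isNpmPluginNameValid` accepts the bare prefixes `peertube-plugin-` and `peertube-theme-` with nothing after them, and it accepts either prefix regardless of the `pluginType` that `isPackageJSONValid` receives. Folding the prefix into the pattern closes the first gap: `validator.matches(value, /^peertube-(plugin|theme)-[a-z][a-z\-]*$/)`. For the second, consider passing `pluginType` into the name check so a theme package cannot validate under the plugin prefix; the rest of `isPackageJSONValid` lies outside the hunk, so it may already enforce this further down. A one-line comment distinguishing the npm package name from the short name checked by `isPluginNameValid` would also help, since both are length-checked against the same `PLUGINS_CONSTRAINTS_FIELDS.NAME` even though one carries a prefix.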