summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/config/index.js2
-rw-r--r--lib/models/note.js9
-rw-r--r--lib/realtime.js2
-rw-r--r--lib/response.js4
4 files changed, 13 insertions, 4 deletions
diff --git a/lib/config/index.js b/lib/config/index.js
index d885ee92..bdba5e0e 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -53,7 +53,7 @@ if (config.ldap.tlsca) {
// Permission
config.permission = Permission
-if (!config.allowAnonymous && !config.allowAnonymousedits) {
+if (!config.allowAnonymous && !config.allowAnonymousEdits) {
delete config.permission.freely
}
if (!(config.defaultPermission in config.permission)) {
diff --git a/lib/models/note.js b/lib/models/note.js
index 69393dd4..2a048e37 100644
--- a/lib/models/note.js
+++ b/lib/models/note.js
@@ -211,6 +211,15 @@ module.exports = function (sequelize, DataTypes) {
},
// parse note id by LZString is deprecated, here for compability
parseNoteIdByLZString: function (_callback) {
+ // Calculate minimal string length for an UUID that is encoded
+ // base64 encoded and optimize comparsion by using -1
+ // this should make a lot of LZ-String parsing errors obsolete
+ // as we can assume that a nodeId that is 48 chars or longer is a
+ // noteID.
+ const base64UuidLength = ((4 * 36) / 3) - 1
+ if (!(noteId.length > base64UuidLength)) {
+ return _callback(null, null)
+ }
// try to parse note id by LZString Base64
try {
var id = LZString.decompressFromBase64(noteId)
diff --git a/lib/realtime.js b/lib/realtime.js
index d8b0b4c5..070bde2d 100644
--- a/lib/realtime.js
+++ b/lib/realtime.js
@@ -788,7 +788,7 @@ function connection (socket) {
var note = notes[noteId]
// Only owner can change permission
if (note.owner && note.owner === socket.request.user.id) {
- if (permission === 'freely' && !config.allowAnonymous && !config.allowAnonymousedits) return
+ if (permission === 'freely' && !config.allowAnonymous && !config.allowAnonymousEdits) return
note.permission = permission
models.Note.update({
permission: permission
diff --git a/lib/response.js b/lib/response.js
index d5c685ca..ae3e45fa 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -59,7 +59,7 @@ function showIndex (req, res, next) {
url: config.serverURL,
useCDN: config.useCDN,
allowAnonymous: config.allowAnonymous,
- allowAnonymousEdits: config.allowAnonymousedits,
+ allowAnonymousEdits: config.allowAnonymousEdits,
facebook: config.isFacebookEnable,
twitter: config.isTwitterEnable,
github: config.isGitHubEnable,
@@ -94,7 +94,7 @@ function responseHackMD (res, note) {
title: title,
useCDN: config.useCDN,
allowAnonymous: config.allowAnonymous,
- allowAnonymousEdits: config.allowAnonymousedits,
+ allowAnonymousEdits: config.allowAnonymousEdits,
facebook: config.isFacebookEnable,
twitter: config.isTwitterEnable,
github: config.isGitHubEnable,