Merge pull request #2038 from s1341/fix/server_not_checking_changeset_req_bounds

Server doesn't check bounds on CHANGESET_REQ arguments
This commit is contained in:
John McLear 2013-12-17 06:45:40 -08:00
commit d1cad04647
1 changed files with 120 additions and 114 deletions

View File

@ -1281,6 +1281,7 @@ function getChangesetInfo(padId, startNum, endNum, granularity, callback)
var composedChangesets = {}; var composedChangesets = {};
var revisionDate = []; var revisionDate = [];
var lines; var lines;
var head_revision = 0;
async.series([ async.series([
//get the pad from the database //get the pad from the database
@ -1290,6 +1291,7 @@ function getChangesetInfo(padId, startNum, endNum, granularity, callback)
{ {
if(ERR(err, callback)) return; if(ERR(err, callback)) return;
pad = _pad; pad = _pad;
head_revision = pad.getHeadRevisionNumber();
callback(); callback();
}); });
}, },
@ -1369,13 +1371,12 @@ function getChangesetInfo(padId, startNum, endNum, granularity, callback)
while (compositeStart < endNum) while (compositeStart < endNum)
{ {
if (compositeStart + granularity > endNum) var compositeEnd = compositeStart + granularity;
if (compositeEnd > endNum || compositeEnd > head_revision)
{ {
break; break;
} }
var compositeEnd = compositeStart + granularity;
var forwards = composedChangesets[compositeStart + "/" + compositeEnd]; var forwards = composedChangesets[compositeStart + "/" + compositeEnd];
var backwards = Changeset.inverse(forwards, lines.textlines, lines.alines, pad.apool()); var backwards = Changeset.inverse(forwards, lines.textlines, lines.alines, pad.apool());
@ -1479,7 +1480,7 @@ function getPadLines(padId, revNum, callback)
function composePadChangesets(padId, startNum, endNum, callback) function composePadChangesets(padId, startNum, endNum, callback)
{ {
var pad; var pad;
var changesets = []; var changesets = {};
var changeset; var changeset;
async.series([ async.series([
@ -1498,6 +1499,11 @@ function composePadChangesets(padId, startNum, endNum, callback)
{ {
var changesetsNeeded=[]; var changesetsNeeded=[];
var headNum = pad.getHeadRevisionNumber();
if (endNum > headNum)
endNum = headNum;
if (startNum < 0)
startNum = 0;
//create a array for all changesets, we will //create a array for all changesets, we will
//replace the values with the changeset later //replace the values with the changeset later
for(var r=startNum;r<endNum;r++) for(var r=startNum;r<endNum;r++)