Merge pull request #2038 from s1341/fix/server_not_checking_changeset_req_bounds

Server doesn't check bounds on CHANGESET_REQ arguments
This commit is contained in:
John McLear 2013-12-17 06:45:40 -08:00
commit d1cad04647
1 changed files with 120 additions and 114 deletions

View File

@ -1281,6 +1281,7 @@ function getChangesetInfo(padId, startNum, endNum, granularity, callback)
var composedChangesets = {};
var revisionDate = [];
var lines;
var head_revision = 0;
async.series([
//get the pad from the database
@ -1290,6 +1291,7 @@ function getChangesetInfo(padId, startNum, endNum, granularity, callback)
{
if(ERR(err, callback)) return;
pad = _pad;
head_revision = pad.getHeadRevisionNumber();
callback();
});
},
@ -1369,13 +1371,12 @@ function getChangesetInfo(padId, startNum, endNum, granularity, callback)
while (compositeStart < endNum)
{
if (compositeStart + granularity > endNum)
var compositeEnd = compositeStart + granularity;
if (compositeEnd > endNum || compositeEnd > head_revision)
{
break;
}
var compositeEnd = compositeStart + granularity;
var forwards = composedChangesets[compositeStart + "/" + compositeEnd];
var backwards = Changeset.inverse(forwards, lines.textlines, lines.alines, pad.apool());
@ -1479,7 +1480,7 @@ function getPadLines(padId, revNum, callback)
function composePadChangesets(padId, startNum, endNum, callback)
{
var pad;
var changesets = [];
var changesets = {};
var changeset;
async.series([
@ -1498,6 +1499,11 @@ function composePadChangesets(padId, startNum, endNum, callback)
{
var changesetsNeeded=[];
var headNum = pad.getHeadRevisionNumber();
if (endNum > headNum)
endNum = headNum;
if (startNum < 0)
startNum = 0;
//create a array for all changesets, we will
//replace the values with the changeset later
for(var r=startNum;r<endNum;r++)