StyAndCo/zeppelin
3
0
Fork 0
mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-03-14 21:31:50 +00:00
Code Releases Activity

fix: extra checks for tag get() function

Browse source
This commit is contained in:
Dragory 2023-04-01 21:34:14 +03:00
parent ab54dc215f
commit 3064a05b4d
No known key found for this signature in database
GPG key ID: 5F387BA66DF8AAC1
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
backend/src/plugins/Tags/util/renderTagBody.ts
View file

@ -30,7 +30,7 @@ export async function renderTagBody(
return val;
},
get(name) {
return dynamicVars[name] == null ? "" : dynamicVars[name];
return !dynamicVars.hasOwnProperty(name) || dynamicVars[name] == null ? "" : dynamicVars[name];
},
tag: async (name, ...subTagArgs) => {
if (++tagFnCallsObj.calls > MAX_TAG_FN_CALLS) return "";

5
backend/src/utils.ts
View file

@ -578,7 +578,10 @@ export function errorMessage(str, emoji = "⚠") {
export function get(obj, path, def?): any {
let cursor = obj;
const pathParts = path.split(".");
const pathParts = path
.split(".")
.map((s) => s.trim())
.filter((s) => s !== "");
for (const part of pathParts) {
// hasOwnProperty check here is necessary to prevent prototype traversal in tags
if (!cursor.hasOwnProperty(part)) return def;