diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 6d9897dee..84def433b 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -14,10 +14,10 @@ Install pnpm: `npm install -g pnpm@10.8.0` Set the Electron mirror environment variable and install Electron: -* macOS/Linux: `ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.0 -D` +* macOS/Linux: `ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.2 -D` * Windows: * `SET ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/` - * `pnpm install electron@v34.5.0 -D` + * `pnpm install electron@v34.5.2 -D` NPM mirror: @@ -27,7 +27,7 @@ NPM mirror: On the desktop, go to the app folder to run: -* `pnpm install electron@v34.5.0-D` +* `pnpm install electron@v34.5.2-D` * `pnpm run dev` * `pnpm run start` diff --git a/.github/CONTRIBUTING_zh_CN.md b/.github/CONTRIBUTING_zh_CN.md index d3eb612ad..10b178369 100644 --- a/.github/CONTRIBUTING_zh_CN.md +++ b/.github/CONTRIBUTING_zh_CN.md @@ -14,10 +14,10 @@ 设置 Electron 镜像环境变量并安装 Electron: -* macOS/Linux:`ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.0 -D` +* macOS/Linux:`ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/ pnpm install electron@v34.5.2 -D` * Windows: * `SET ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/` - * `pnpm install electron@v34.5.0 -D` + * `pnpm install electron@v34.5.2 -D` NPM 镜像: @@ -27,7 +27,7 @@ NPM 镜像: 桌面端进入 app 文件夹运行: -* `pnpm install electron@v34.5.0-D` +* `pnpm install electron@v34.5.2-D` * `pnpm run dev` * `pnpm run start` diff --git a/app/package.json b/app/package.json index bdd1078cd..78b07a088 100644 --- a/app/package.json +++ b/app/package.json 
@@ -58,8 +58,8 @@ "clean-webpack-plugin": "^4.0.0", "css-loader": "^6.7.1", "dayjs": "^1.11.5", - "electron": "34.5.0", - "electron-builder": "26.0.11", + "electron": "34.5.2", + "electron-builder": "26.0.12", "encoding": "^0.1.13", "esbuild-loader": "^3.0.1", "eslint": "^9.15.0", diff --git a/app/pnpm-lock.yaml b/app/pnpm-lock.yaml index fc4a27837..239708196 100644 --- a/app/pnpm-lock.yaml +++ b/app/pnpm-lock.yaml @@ -10,7 +10,7 @@ importers: dependencies: '@electron/remote': specifier: ^2.1.2 - version: 2.1.2(electron@34.5.0) + version: 2.1.2(electron@34.5.2) devDependencies: '@eslint/eslintrc': specifier: ^3.3.1 @@ -40,11 +40,11 @@ importers: specifier: ^1.11.5 version: 1.11.13 electron: - specifier: 34.5.0 - version: 34.5.0 + specifier: 34.5.2 + version: 34.5.2 electron-builder: - specifier: 26.0.11 - version: 26.0.11(electron-builder-squirrel-windows@26.0.11) + specifier: 26.0.12 + version: 26.0.12(electron-builder-squirrel-windows@26.0.11) encoding: specifier: ^0.1.13 version: 0.1.13 @@ -791,6 +791,13 @@ packages: dmg-builder: 26.0.11 electron-builder-squirrel-windows: 26.0.11 + app-builder-lib@26.0.12: + resolution: {integrity: sha512-+/CEPH1fVKf6HowBUs6LcAIoRcjeqgvAeoSE+cl7Y7LndyQ9ViGPYibNk7wmhMHzNgHIuIbw4nWADPO+4mjgWw==} + engines: {node: '>=14.0.0'} + peerDependencies: + dmg-builder: 26.0.12 + electron-builder-squirrel-windows: 26.0.12 + argparse@2.0.1: resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} 
@@ -1115,8 +1122,8 @@ packages: dir-compare@4.2.0: resolution: {integrity: sha512-2xMCmOoMrdQIPHdsTawECdNPwlVFB9zGcz3kuhmBO6U3oU+UQjsue0i8ayLKpgBcm+hcXPMVSGUN9d+pvJ6+VQ==} - dmg-builder@26.0.11: - resolution: {integrity: sha512-C+SaRneQ11OxG99EeGp3TvPrlkW9ZaiukxB9Z7+OhhO1ge0nAtq9uD0ILt1JpvNAQ1de3gzX7TFRYJrSGsNe+Q==} + dmg-builder@26.0.12: + resolution: {integrity: sha512-59CAAjAhTaIMCN8y9kD573vDkxbs1uhDcrFLHSgutYdPcGOU35Rf95725snvzEOy4BFB7+eLJ8djCNPmGwG67w==} dmg-license@1.0.11: resolution: {integrity: sha512-ZdzmqwKmECOWJpqefloC5OJy1+WZBBse5+MR88z9g9Zn4VY+WYUkAyojmhzJckH5YbbZGcYIuGAkY5/Ys5OM2Q==} @@ -1169,8 +1176,8 @@ packages: electron-builder-squirrel-windows@26.0.11: resolution: {integrity: sha512-LM3VDospLXCY6leWPhoJngDlP2GGOPzje/qZbCwX5g9ZeuYhcsVfm5NDDrjS3H6yC4PzHI9U2mnhJxc3bpIMGw==} - electron-builder@26.0.11: - resolution: {integrity: sha512-u7Qgge5ue5oOPDbZEseor7RjxKSYAekVflHkbNIY6te1kbtShQFqESq3FZakMBsQf/3SkEycvWhHHRb8zjqBqg==} + electron-builder@26.0.12: + resolution: {integrity: sha512-cD1kz5g2sgPTMFHjLxfMjUK5JABq3//J4jPswi93tOPFz6btzXYtK5NrDt717NRbukCUDOrrvmYVOWERlqoiXA==} engines: {node: '>=14.0.0'} hasBin: true @@ -1184,8 +1191,8 @@ packages: resolution: {integrity: sha512-bO3y10YikuUwUuDUQRM4KfwNkKhnpVO7IPdbsrejwN9/AABJzzTQ4GeHwyzNSrVO+tEH3/Np255a3sVZpZDjvg==} engines: {node: '>=8.0.0'} - electron@34.5.0: - resolution: {integrity: sha512-GabFMG7r2P1NQf5DYp6mnCXo5CcatxXb8YQo54VTStql6weeEv7tsqvl3lAssGwDdd4iMc8QpTCFjErBSVRWeQ==} + electron@34.5.2: + resolution: {integrity: sha512-Xt5dJl+iBGo5atrfd4Jusc2tk6oD+dId3Kqj59tzxlqJgHRK2mRtLwAhT5OyxLx1RJGEv1yQHvUrzkzjNTp0ug==} engines: {node: '>= 12.20.55'} hasBin: true @@ -2851,9 +2858,9 @@ snapshots: - bluebird - supports-color - '@electron/remote@2.1.2(electron@34.5.0)': + '@electron/remote@2.1.2(electron@34.5.2)': dependencies: - electron: 34.5.0 + electron: 34.5.2 '@electron/universal@2.0.1': dependencies: 
@@ -3463,7 +3470,7 @@ snapshots: app-builder-bin@5.0.0-alpha.12: {} - app-builder-lib@26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11): + app-builder-lib@26.0.11(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11): dependencies: '@develar/schema-utils': 2.6.5 '@electron/asar': 3.2.18 @@ -3480,11 +3487,52 @@ snapshots: chromium-pickle-js: 0.2.0 config-file-ts: 0.2.8-rc1 debug: 4.4.0 - dmg-builder: 26.0.11(electron-builder-squirrel-windows@26.0.11) + dmg-builder: 26.0.12(electron-builder-squirrel-windows@26.0.11) dotenv: 16.5.0 dotenv-expand: 11.0.7 ejs: 3.1.10 - electron-builder-squirrel-windows: 26.0.11(dmg-builder@26.0.11) + electron-builder-squirrel-windows: 26.0.11(dmg-builder@26.0.12) + electron-publish: 26.0.11 + fs-extra: 10.1.0 + hosted-git-info: 4.1.0 + is-ci: 3.0.1 + isbinaryfile: 5.0.4 + js-yaml: 4.1.0 + json5: 2.2.3 + lazy-val: 1.0.5 + minimatch: 10.0.1 + plist: 3.1.0 + resedit: 1.7.2 + semver: 7.7.1 + tar: 6.2.1 + temp-file: 3.4.0 + tiny-async-pool: 1.3.0 + transitivePeerDependencies: + - bluebird + - supports-color + + app-builder-lib@26.0.12(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11): + dependencies: + '@develar/schema-utils': 2.6.5 + '@electron/asar': 3.2.18 + '@electron/fuses': 1.8.0 + '@electron/notarize': 2.5.0 + '@electron/osx-sign': 1.3.1 + '@electron/rebuild': 3.7.0 + '@electron/universal': 2.0.1 + '@malept/flatpak-bundler': 0.4.0 + '@types/fs-extra': 9.0.13 + async-exit-hook: 2.0.1 + builder-util: 26.0.11 + builder-util-runtime: 9.3.1 + chromium-pickle-js: 0.2.0 + config-file-ts: 0.2.8-rc1 + debug: 4.4.0 + dmg-builder: 26.0.12(electron-builder-squirrel-windows@26.0.11) + dotenv: 16.5.0 + dotenv-expand: 11.0.7 + ejs: 3.1.10 + electron-builder-squirrel-windows: 26.0.11(dmg-builder@26.0.12) electron-publish: 26.0.11 fs-extra: 10.1.0 hosted-git-info: 4.1.0 
@@ -3849,9 +3897,9 @@ snapshots: minimatch: 3.1.2 p-limit: 3.1.0 - dmg-builder@26.0.11(electron-builder-squirrel-windows@26.0.11): + dmg-builder@26.0.12(electron-builder-squirrel-windows@26.0.11): dependencies: - app-builder-lib: 26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11) + app-builder-lib: 26.0.12(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11) builder-util: 26.0.11 builder-util-runtime: 9.3.1 fs-extra: 10.1.0 @@ -3923,9 +3971,9 @@ snapshots: dependencies: jake: 10.9.2 - electron-builder-squirrel-windows@26.0.11(dmg-builder@26.0.11): + electron-builder-squirrel-windows@26.0.11(dmg-builder@26.0.12): dependencies: - app-builder-lib: 26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11) + app-builder-lib: 26.0.11(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11) builder-util: 26.0.11 electron-winstaller: 5.4.0 transitivePeerDependencies: @@ -3933,13 +3981,13 @@ snapshots: - dmg-builder - supports-color - electron-builder@26.0.11(electron-builder-squirrel-windows@26.0.11): + electron-builder@26.0.12(electron-builder-squirrel-windows@26.0.11): dependencies: - app-builder-lib: 26.0.11(dmg-builder@26.0.11)(electron-builder-squirrel-windows@26.0.11) + app-builder-lib: 26.0.12(dmg-builder@26.0.12)(electron-builder-squirrel-windows@26.0.11) builder-util: 26.0.11 builder-util-runtime: 9.3.1 chalk: 4.1.2 - dmg-builder: 26.0.11(electron-builder-squirrel-windows@26.0.11) + dmg-builder: 26.0.12(electron-builder-squirrel-windows@26.0.11) fs-extra: 10.1.0 is-ci: 3.0.1 lazy-val: 1.0.5 @@ -3977,7 +4025,7 @@ snapshots: transitivePeerDependencies: - supports-color - electron@34.5.0: + electron@34.5.2: dependencies: '@electron/get': 2.0.3 '@types/node': 20.17.30 diff --git a/app/pnpm-workspace.yaml b/app/pnpm-workspace.yaml new file mode 100644 index 000000000..29abe3b48 --- /dev/null +++ b/app/pnpm-workspace.yaml @@ -0,0 +1,2 @@ +onlyBuiltDependencies: + - electron 
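Review bot: The new `onlyBuiltDependencies` list in app/pnpm-workspace.yaml is a security-relevant allow-list and carries no comment explaining it. With pnpm 10, dependency lifecycle scripts are not run unless the package is listed here, so this entry is what lets electron's install script fetch its binary while every other dependency's build script stays blocked. I would add a comment such as `# Only electron may run install scripts; review any addition to this list.` so the list is not widened casually later.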
diff --git a/kernel/api/file.go b/kernel/api/file.go
index 78d37064d..ad9c4bfd5 100644
--- a/kernel/api/file.go
+++ b/kernel/api/file.go
@@ -380,6 +380,12 @@ func putFile(c *gin.Context) {
 return
 }
+ if !isValidFileName(fileAbsPath) { // Improve kernel API `/api/file/putFile` parameter validation https://github.com/siyuan-note/siyuan/issues/14658
+ ret.Code = http.StatusBadRequest
+ ret.Msg = "invalid file path, please check https://github.com/siyuan-note/siyuan/issues/14658 for more details"
+ return
+ }
+
 isDirStr := c.PostForm("isDir")
 isDir, _ := strconv.ParseBool(isDirStr)
@@ -459,3 +465,8 @@ func millisecond2Time(t int64) time.Time {
 msec := t % 1000
 return time.Unix(sec, msec*int64(time.Millisecond))
 }
+
+func isValidFileName(p string) bool {
+ name := filepath.Base(p)
+ return name == util.FilterUploadFileName(name)
+}
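Review bot: The new `isValidFileName(fileAbsPath)` guard in putFile checks only the last path component, because the helper added at the end of this file takes `filepath.Base` before filtering, so directory components of the requested path are never validated. If putFile creates missing parent directories further down (not visible in this hunk), a request can still introduce directory names the filter would reject; consider validating every component below the workspace root, or state in a comment that only the leaf is in scope. The guard also runs before `isDir` is parsed, so it applies to directory creation as well, and any name that `util.FilterUploadFileName` normalises rather than rejects now fails with 400, which is worth confirming against existing API clients. putFile's body starts and ends outside the hunk.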
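Review bot: `isValidFileName` has no doc comment, and its name hides that it accepts a full path and inspects only `filepath.Base(p)`. I would add `// isValidFileName reports whether the last element of p is unchanged by util.FilterUploadFileName; parent directories are not checked.` above it. `filepath.Base` returns `.` for an empty path and drops trailing separators, so the result for those inputs depends on how FilterUploadFileName treats `.`, which is not visible here and deserves a unit test.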