tabshift/payloadcms
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix: custom fields of Upload and Link features not being sanitized (both Slate and Lexical)

Browse Source
This commit is contained in:
Alessio Gravili
2023-10-06 15:47:31 +02:00
parent 63bae989bb
commit cffb5663aa
6 changed files with 73 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
packages/richtext-lexical/src/field/features/Link/plugins/floatingLinkEditor/LinkEditor/index.tsx
View File

@@ -23,6 +23,7 @@ import {
useEditDepth, useEditDepth,
useLocale, useLocale,
} from 'payload/components/utilities' } from 'payload/components/utilities'
import { sanitizeFields } from 'payload/config'
import { getTranslation } from 'payload/utilities' import { getTranslation } from 'payload/utilities'
import React, { useCallback, useEffect, useRef, useState } from 'react' import React, { useCallback, useEffect, useRef, useState } from 'react'
import { useTranslation } from 'react-i18next' import { useTranslation } from 'react-i18next'
@@ -65,7 +66,14 @@ export function LinkEditor({
const [initialState, setInitialState] = useState<Fields>({}) const [initialState, setInitialState] = useState<Fields>({})
const [fieldSchema] = useState(() => { const [fieldSchema] = useState(() => {
const fields = transformExtraFields(customFieldSchema, config, i18n) const fieldsUnsanitized = transformExtraFields(customFieldSchema, config, i18n)
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fields = sanitizeFields({
config: config,
fields: fieldsUnsanitized,
validRelationships,
})
return fields return fields
}) })

25
packages/richtext-lexical/src/field/features/Upload/component/ExtraFieldsDrawer/index.tsx
View File

@@ -12,7 +12,7 @@ import {
useDocumentInfo, useDocumentInfo,
useLocale, useLocale,
} from 'payload/components/utilities' } from 'payload/components/utilities'
import { fieldTypes } from 'payload/config' import { fieldTypes, sanitizeFields } from 'payload/config'
import { deepCopyObject, getTranslation } from 'payload/utilities' import { deepCopyObject, getTranslation } from 'payload/utilities'
import React, { useCallback, useEffect, useState } from 'react' import React, { useCallback, useEffect, useState } from 'react'
import { useTranslation } from 'react-i18next' import { useTranslation } from 'react-i18next'
@@ -50,10 +50,19 @@ export const ExtraFieldsUploadDrawer: React.FC<
const { closeModal } = useModal() const { closeModal } = useModal()
const { getDocPreferences } = useDocumentInfo() const { getDocPreferences } = useDocumentInfo()
const [initialState, setInitialState] = useState({}) const [initialState, setInitialState] = useState({})
const fieldSchema = (editorConfig?.resolvedFeatureMap.get('upload')?.props as UploadFeatureProps) const fieldSchemaUnsanitized = (
?.collections?.[relatedCollection.slug]?.fields editorConfig?.resolvedFeatureMap.get('upload')?.props as UploadFeatureProps
)?.collections?.[relatedCollection.slug]?.fields
const config = useConfig() const config = useConfig()
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fieldSchema = sanitizeFields({
config: config,
fields: fieldSchemaUnsanitized,
validRelationships,
})
const handleUpdateEditData = useCallback( const handleUpdateEditData = useCallback(
(_, data) => { (_, data) => {
// Update lexical node (with key nodeKey) with new data // Update lexical node (with key nodeKey) with new data
@@ -74,6 +83,14 @@ export const ExtraFieldsUploadDrawer: React.FC<
) )
useEffect(() => { useEffect(() => {
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fieldSchema = sanitizeFields({
config: config,
fields: fieldSchemaUnsanitized,
validRelationships,
})
const awaitInitialState = async () => { const awaitInitialState = async () => {
const preferences = await getDocPreferences() const preferences = await getDocPreferences()
const state = await buildStateFromSchema({ const state = await buildStateFromSchema({
@@ -90,7 +107,7 @@ export const ExtraFieldsUploadDrawer: React.FC<
} }
void awaitInitialState() void awaitInitialState()
}, [user, locale, t, getDocPreferences, fields, fieldSchema]) }, [user, locale, t, getDocPreferences, fields, fieldSchemaUnsanitized, config])
return ( return (
<Drawer <Drawer

6
packages/richtext-lexical/src/validate/validateNodes.ts
View File

@@ -19,7 +19,11 @@ export async function validateNodes({
}): Promise<string | true> { }): Promise<string | true> {
for (const node of nodes) { for (const node of nodes) {
// Validate node // Validate node
if (nodeValidations?.has(node.type)) { if (
nodeValidations &&
typeof nodeValidations?.has === 'function' &&
nodeValidations?.has(node.type)
) {
const validations = nodeValidations.get(node.type) const validations = nodeValidations.get(node.type)
for (const validation of validations) { for (const validation of validations) {
const validationResult = await validation({ const validationResult = await validation({

10
packages/richtext-slate/src/field/elements/link/Button/index.tsx
View File

@@ -10,6 +10,7 @@ import {
useDocumentInfo, useDocumentInfo,
useLocale, useLocale,
} from 'payload/components/utilities' } from 'payload/components/utilities'
import { sanitizeFields } from 'payload/config'
import React, { Fragment, useState } from 'react' import React, { Fragment, useState } from 'react'
import { useTranslation } from 'react-i18next' import { useTranslation } from 'react-i18next'
import { Editor, Range, Transforms } from 'slate' import { Editor, Range, Transforms } from 'slate'
@@ -75,7 +76,14 @@ export const LinkButton: React.FC<{
const config = useConfig() const config = useConfig()
const [fieldSchema] = useState(() => { const [fieldSchema] = useState(() => {
const fields = transformExtraFields(customFieldSchema, config, i18n) const fieldsUnsanitized = transformExtraFields(customFieldSchema, config, i18n)
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fields = sanitizeFields({
config: config,
fields: fieldsUnsanitized,
validRelationships,
})
return fields return fields
}) })

10
packages/richtext-slate/src/field/elements/link/Element/index.tsx
View File

@@ -12,6 +12,7 @@ import {
useDocumentInfo, useDocumentInfo,
useLocale, useLocale,
} from 'payload/components/utilities' } from 'payload/components/utilities'
import { sanitizeFields } from 'payload/config'
import { deepCopyObject, getTranslation } from 'payload/utilities' import { deepCopyObject, getTranslation } from 'payload/utilities'
import React, { useCallback, useEffect, useState } from 'react' import React, { useCallback, useEffect, useState } from 'react'
import { Trans, useTranslation } from 'react-i18next' import { Trans, useTranslation } from 'react-i18next'
@@ -77,7 +78,14 @@ export const LinkElement: React.FC<{
const [initialState, setInitialState] = useState<Fields>({}) const [initialState, setInitialState] = useState<Fields>({})
const { getDocPreferences } = useDocumentInfo() const { getDocPreferences } = useDocumentInfo()
const [fieldSchema] = useState(() => { const [fieldSchema] = useState(() => {
const fields = transformExtraFields(customFieldSchema, config, i18n) const fieldsUnsanitized = transformExtraFields(customFieldSchema, config, i18n)
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fields = sanitizeFields({
config: config,
fields: fieldsUnsanitized,
validRelationships,
})
return fields return fields
}) })

23
packages/richtext-slate/src/field/elements/upload/Element/UploadDrawer/index.tsx
View File

@@ -10,7 +10,7 @@ import {
useDocumentInfo, useDocumentInfo,
useLocale, useLocale,
} from 'payload/components/utilities' } from 'payload/components/utilities'
import { fieldTypes } from 'payload/config' import { fieldTypes, sanitizeFields } from 'payload/config'
import { deepCopyObject, getTranslation } from 'payload/utilities' import { deepCopyObject, getTranslation } from 'payload/utilities'
import React, { useCallback, useEffect, useState } from 'react' import React, { useCallback, useEffect, useState } from 'react'
import { useTranslation } from 'react-i18next' import { useTranslation } from 'react-i18next'
@@ -35,9 +35,18 @@ export const UploadDrawer: React.FC<
const { closeModal } = useModal() const { closeModal } = useModal()
const { getDocPreferences } = useDocumentInfo() const { getDocPreferences } = useDocumentInfo()
const [initialState, setInitialState] = useState({}) const [initialState, setInitialState] = useState({})
const fieldSchema = fieldProps?.admin?.upload?.collections?.[relatedCollection.slug]?.fields const fieldSchemaUnsanitized =
fieldProps?.admin?.upload?.collections?.[relatedCollection.slug]?.fields
const config = useConfig() const config = useConfig()
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fieldSchema = sanitizeFields({
config: config,
fields: fieldSchemaUnsanitized,
validRelationships,
})
const handleUpdateEditData = useCallback( const handleUpdateEditData = useCallback(
(_, data) => { (_, data) => {
const newNode = { const newNode = {
@@ -53,6 +62,14 @@ export const UploadDrawer: React.FC<
) )
useEffect(() => { useEffect(() => {
// Sanitize custom fields here
const validRelationships = config.collections.map((c) => c.slug) || []
const fieldSchema = sanitizeFields({
config: config,
fields: fieldSchemaUnsanitized,
validRelationships,
})
const awaitInitialState = async () => { const awaitInitialState = async () => {
const preferences = await getDocPreferences() const preferences = await getDocPreferences()
const state = await buildStateFromSchema({ const state = await buildStateFromSchema({
@@ -69,7 +86,7 @@ export const UploadDrawer: React.FC<
} }
awaitInitialState() awaitInitialState()
}, [fieldSchema, element.fields, user, locale, t, getDocPreferences]) }, [fieldSchemaUnsanitized, config, element.fields, user, locale, t, getDocPreferences])
return ( return (
<Drawer <Drawer