Home Explore Help
Register Sign In
oleg
/
inpx-web
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

В cli добавлен параметр 'unsafe-filter'

Book Pauk 2 years ago
parent
53873910c2
commit
9c72651804
2 changed files with 7 additions and 2 deletions
Split View Show Diff Stats
  1. 6 2
      server/core/DbCreator.js
  2. 1 0
      server/index.js

+ 6 - 2
server/core/DbCreator.js
View File 

@@ -76,8 +76,12 @@ class DbCreator {
 
         if (inpxFilter) {
 
 
             let recFilter = () => true;
 
-            if (inpxFilter.filter)
 
-                recFilter = new Function(`'use strict'; return ${inpxFilter.filter}`)();
 
+            if (inpxFilter.filter) {
 
+                if (config.allowUnsafeFilter)
 
+                    recFilter = new Function(`'use strict'; return ${inpxFilter.filter}`)();
 
+                else
 
+                    throw new Error(`Unsafe property 'filter' detected in ${this.config.inpxFilterFile}. Please specify '--unsafe-filter' param if you know what you're doing.`);
 
+            }
 
 
             filter = (rec) => {
 
                 let author = rec.author;

+ 1 - 0
server/index.js
View File 

@@ -104,6 +104,7 @@ async function init() {
 
 
     config.recreateDb = argv.recreate || false;
 
     config.inpxFilterFile = `${config.execDir}/inpx-web-filter.json`;
 
+    config.allowUnsafeFilter = argv['unsafe-filter'] || false;
 
 
     //app
 
     const appDir = `${config.publicDir}/app`;