Skip to content

Commit

Permalink
Update launch editor validations
Browse files Browse the repository at this point in the history
  • Loading branch information
@tharakawj
tharakawj committed Dec 16, 2017
1 parent 7bcf470 commit 2e346d4
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 8 deletions.
8 changes: 3 additions & 5 deletions packages/react-dev-utils/errorOverlayMiddleware.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,9 @@ const launchEditorEndpoint = require('./launchEditorEndpoint');
module.exports = function createLaunchEditorMiddleware() {
return function launchEditorMiddleware(req, res, next) {
if (req.url.startsWith(launchEditorEndpoint)) {
launchEditor(
req.query.fileName,
req.query.lineNumber,
req.query.colNumber
);
const lineNumber = parseInt(req.query.lineNumber, 10) || 1;
const colNumber = parseInt(req.query.colNumber, 10) || 1;
launchEditor(req.query.fileName, lineNumber, colNumber);
res.end();
} else {
next();
Expand Down
9 changes: 6 additions & 3 deletions packages/react-dev-utils/launchEditor.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -260,13 +260,16 @@ function launchEditor(fileName, lineNumber, colNumber) {

// Sanitize lineNumber to prevent malicious use on win32
// via: https://github.com/nodejs/node/blob/c3bb4b1aa5e907d489619fb43d233c3336bfc03d/lib/child_process.js#L333
if (lineNumber && isNaN(lineNumber)) {
// and it should be a positive integer
if (!(Number.isInteger(lineNumber) && lineNumber > 0)) {
return;
}

// colNumber is optional, but should be a number
// colNumber is optional, but should be a positive integer too
// default is 1
colNumber = parseInt(colNumber, 10) || 1;
if (!(Number.isInteger(colNumber) && colNumber > 0)) {
colNumber = 1;
}

let [editor, ...args] = guessEditor();
if (!editor) {
Expand Down

0 comments on commit 2e346d4

Please sign in to comment.