@@ -2391,19 +2391,38 @@ export class Stack {
23912391 }
23922392
23932393 private sanitizeIQuery ( query : IQuery ) : boolean {
2394+ const allowedKeys = {
2395+ _content_type_uid : 'string' ,
2396+ uid : 'string' ,
2397+ _version : {
2398+ $exists : 'boolean'
2399+ } ,
2400+ locale : 'string'
2401+ } ;
2402+
2403+ const validateObject = ( obj : any , schema : any ) : boolean => {
2404+ for ( const key in obj ) {
2405+ if ( ! schema . hasOwnProperty ( key ) ) {
2406+ return false ;
2407+ }
2408+ if ( typeof schema [ key ] === 'object' ) {
2409+ if ( ! validateObject ( obj [ key ] , schema [ key ] ) ) {
2410+ return false ;
2411+ }
2412+ } else if ( typeof obj [ key ] !== schema [ key ] ) {
2413+ return false ;
2414+ }
2415+ }
2416+ return true ;
2417+ } ;
23942418 if ( ! query || typeof query !== 'object' || Array . isArray ( query ) ) {
23952419 return false ;
23962420 }
2397- if ( ! query || ! Array . isArray ( query . $or ) ) {
2421+ if ( ! query . $or || ! Array . isArray ( query . $or ) ) {
23982422 return false ;
23992423 }
24002424 for ( const item of query . $or ) {
2401- if (
2402- typeof item . _content_type_uid !== 'string' ||
2403- typeof item . uid !== 'string' ||
2404- ( item . _version && typeof item . _version . $exists !== 'boolean' ) ||
2405- ( item . locale && typeof item . locale !== 'string' )
2406- ) {
2425+ if ( ! validateObject ( item , allowedKeys ) ) {
24072426 return false ;
24082427 }
24092428 }
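Review bot: `validateObject` only inspects keys that are present, so the `$or` loop no longer enforces what the removed condition did: an item of `{}`, `null` or a number passes, `_content_type_uid` and `uid` are no longer required, and `_version: {}` or `_version: 5` is accepted because the nested call finds no keys to reject. These items look like they are forwarded as filter branches (inferred from `$or`/`$exists`; the rest of `sanitizeIQuery` is outside the hunk), in which case an empty branch would widen the match rather than narrow it. Reject non-object values at the top of `validateObject` and keep explicit required-key and `$exists` checks in the loop, as sketched below. Unit tests with `{ $or: [{}] }` and `{ $or: [null] }` would pin the behaviour.

```typescript
const requiredKeys = ['_content_type_uid', 'uid'];

const validateObject = (obj: any, schema: any): boolean => {
  // Only plain objects can be checked against the schema; null, primitives and arrays are rejected.
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    return false;
  }
  // … unchanged: per-key schema check …
};

// … unchanged: query and $or shape checks …
for (const item of query.$or) {
  if (!validateObject(item, allowedKeys)) {
    return false;
  }
  // Absent keys are skipped by validateObject, so the mandatory fields are checked explicitly.
  if (requiredKeys.some((key) => typeof item[key] !== 'string')) {
    return false;
  }
  // A supplied _version must carry a boolean $exists, as the previous condition required.
  if (item._version !== undefined && typeof item._version.$exists !== 'boolean') {
    return false;
  }
}
```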