diff --git a/packages/nocodb/src/lib/meta/api/projectApis.ts b/packages/nocodb/src/lib/meta/api/projectApis.ts
index 19797f92cc..2f438e81fc 100644
--- a/packages/nocodb/src/lib/meta/api/projectApis.ts
+++ b/packages/nocodb/src/lib/meta/api/projectApis.ts
@@ -23,6 +23,7 @@ import getColumnUiType from '../helpers/getColumnUiType';
 import mapDefaultPrimaryValue from '../helpers/mapDefaultPrimaryValue';
 import { extractAndGenerateManyToManyRelations } from './metaDiffApis';
 import { metaApiMetrics } from '../helpers/apiMetrics';
+import { extractPropsAndSanitize } from '../helpers/extractProps';
 const nanoid = customAlphabet('1234567890abcdefghijklmnopqrstuvwxyz_', 4);
@@ -48,10 +49,10 @@ export async function projectUpdate(
 ) {
   const project = await Project.getWithInfo(req.params.projectId);
-  // only support updating title at this moment
-  const data: any = {
-    title: DOMPurify.sanitize(req?.body?.title),
-  };
+  const data: Partial = extractPropsAndSanitize(req?.body, [
+    'title',
+    'meta',
+  ]);
   if (await Project.getByTitle(data.title) && project.title !== data.title) {
     NcError.badRequest('Project title already in use');
diff --git a/packages/nocodb/src/lib/meta/helpers/extractProps.ts b/packages/nocodb/src/lib/meta/helpers/extractProps.ts
index ba4aef7bb2..0f3924be4b 100644
--- a/packages/nocodb/src/lib/meta/helpers/extractProps.ts
+++ b/packages/nocodb/src/lib/meta/helpers/extractProps.ts
@@ -1,7 +1,17 @@
-export default function extractProps(body: T, props: string[]): Partial {
+import DOMPurify from 'isomorphic-dompurify';
+
+export function extractProps(body: T, props: string[]): Partial {
   // todo: throw error if no props found
   return props.reduce((o, key) => {
     if (key in body) o[key] = body[key];
     return o;
   }, {});
 }
+
+export function extractPropsAndSanitize(body: T, props: string[]): Partial {
+  // todo: throw error if no props found
+  return props.reduce((o, key) => {
+    if (key in body) o[key] = DOMPurify.sanitize(body[key]);
+    return o;
+  }, {});
+}
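Review bot: `extractPropsAndSanitize(req?.body, [...])` loses the null-safety the removed `req?.body?.title` had: the helper evaluates `key in body`, which throws a TypeError when `req.body` is undefined, so a request without a body now fails with an unhandled error before the title check is reached. Passing `req?.body ?? {}` restores the previous behaviour. A second consequence of only copying keys that are present is that `data.title` is now undefined when a client sends just `meta`, and `Project.getByTitle(undefined)` on the next line is still evaluated; presumably it finds nothing, but if that lookup is not undefined-safe the check should become `if (data.title !== undefined && await Project.getByTitle(data.title) && project.title !== data.title) {`. The body of projectUpdate continues outside the hunk.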
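Review bot: `DOMPurify.sanitize(body[key])` in extractPropsAndSanitize is applied to every extracted value regardless of its type, and DOMPurify stringifies non-string input before sanitising, so an object-valued prop (the new `meta` key in projectUpdate, if it is sent as JSON) would be stored as the text `[object Object]` and a number as its decimal string. If non-string values are legitimate here, sanitise only strings and pass the rest through unchanged: `if (key in body) o[key] = typeof body[key] === 'string' ? DOMPurify.sanitize(body[key]) : body[key];`; otherwise document on the helper that only string-valued props may be listed. A short TSDoc comment stating that this is HTML sanitisation (markup is stripped, the value is not escaped or validated) would also help callers choose between extractProps and this variant. The type parameter on `Partial` appears to have been lost in rendering, so the return type cannot be checked from this page.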
diff --git a/packages/nocodb/src/lib/models/Base.ts b/packages/nocodb/src/lib/models/Base.ts
index 0244205d27..c84395959b 100644
--- a/packages/nocodb/src/lib/models/Base.ts
+++ b/packages/nocodb/src/lib/models/Base.ts
@@ -10,7 +10,7 @@ import Model from './Model';
 import { BaseType } from 'nocodb-sdk';
 import NocoCache from '../cache/NocoCache';
 import CryptoJS from 'crypto-js';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 // todo: hide credentials
 export default class Base implements BaseType {
diff --git a/packages/nocodb/src/lib/models/FormViewColumn.ts b/packages/nocodb/src/lib/models/FormViewColumn.ts
index f6609daa10..fb4028e027 100644
--- a/packages/nocodb/src/lib/models/FormViewColumn.ts
+++ b/packages/nocodb/src/lib/models/FormViewColumn.ts
@@ -3,7 +3,7 @@ import { CacheGetType, CacheScope, MetaTable } from '../utils/globals';
 import { FormColumnType } from 'nocodb-sdk';
 import View from './View';
 import NocoCache from '../cache/NocoCache';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 export default class FormViewColumn implements FormColumnType {
   id?: string;
diff --git a/packages/nocodb/src/lib/models/FormulaColumn.ts b/packages/nocodb/src/lib/models/FormulaColumn.ts
index a0bc2d67fc..106b78934c 100644
--- a/packages/nocodb/src/lib/models/FormulaColumn.ts
+++ b/packages/nocodb/src/lib/models/FormulaColumn.ts
@@ -1,7 +1,7 @@
 import Noco from '../Noco';
 import { CacheGetType, CacheScope, MetaTable } from '../utils/globals';
 import NocoCache from '../cache/NocoCache';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 export default class FormulaColumn {
   formula: string;
diff --git a/packages/nocodb/src/lib/models/GridViewColumn.ts b/packages/nocodb/src/lib/models/GridViewColumn.ts
index e43083cc69..8088c93037 100644
--- a/packages/nocodb/src/lib/models/GridViewColumn.ts
+++ b/packages/nocodb/src/lib/models/GridViewColumn.ts
@@ -1,7 +1,7 @@
 import Noco from '../Noco';
 import { CacheGetType, CacheScope, MetaTable } from '../utils/globals';
 import { GridColumnType } from 'nocodb-sdk';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 import View from './View';
 import NocoCache from '../cache/NocoCache';
diff --git a/packages/nocodb/src/lib/models/HookLog.ts b/packages/nocodb/src/lib/models/HookLog.ts
index 3b83c6d93c..cd49df5358 100644
--- a/packages/nocodb/src/lib/models/HookLog.ts
+++ b/packages/nocodb/src/lib/models/HookLog.ts
@@ -1,6 +1,6 @@
 import { MetaTable } from '../utils/globals';
 import Noco from '../Noco';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 import Hook from './Hook';
 import { HookLogType } from 'nocodb-sdk';
diff --git a/packages/nocodb/src/lib/models/Project.ts b/packages/nocodb/src/lib/models/Project.ts
index c17561520a..b100504aa1 100644
--- a/packages/nocodb/src/lib/models/Project.ts
+++ b/packages/nocodb/src/lib/models/Project.ts
@@ -7,7 +7,7 @@ import {
   CacheScope,
   MetaTable,
 } from '../utils/globals';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 import NocoCache from '../cache/NocoCache';
 export default class Project implements ProjectType {
diff --git a/packages/nocodb/src/lib/models/SyncSource.ts b/packages/nocodb/src/lib/models/SyncSource.ts
index 408a1cf0da..3c14aa81d2 100644
--- a/packages/nocodb/src/lib/models/SyncSource.ts
+++ b/packages/nocodb/src/lib/models/SyncSource.ts
@@ -1,6 +1,6 @@
 import Noco from '../Noco';
 import { MetaTable } from '../utils/globals';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 import User from './User';
 export default class SyncSource {
diff --git a/packages/nocodb/src/lib/models/User.ts b/packages/nocodb/src/lib/models/User.ts
index 3e24027f60..19edcfaec6 100644
--- a/packages/nocodb/src/lib/models/User.ts
+++ b/packages/nocodb/src/lib/models/User.ts
@@ -1,7 +1,7 @@
 import { UserType } from 'nocodb-sdk';
 import { CacheGetType, CacheScope, MetaTable } from '../utils/globals';
 import Noco from '../Noco';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 import NocoCache from '../cache/NocoCache';
 export default class User implements UserType {
   id: string;
diff --git a/packages/nocodb/src/lib/models/View.ts b/packages/nocodb/src/lib/models/View.ts
index b1640f029e..c51fed4aaf 100644
--- a/packages/nocodb/src/lib/models/View.ts
+++ b/packages/nocodb/src/lib/models/View.ts
@@ -18,7 +18,7 @@ import GalleryViewColumn from './GalleryViewColumn';
 import FormViewColumn from './FormViewColumn';
 import Column from './Column';
 import NocoCache from '../cache/NocoCache';
-import extractProps from '../meta/helpers/extractProps';
+import { extractProps } from '../meta/helpers/extractProps';
 const { v4: uuidv4 } = require('uuid');
 export default class View implements ViewType {