Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check the validity of the API moveBlock parameter previousID #8007

Closed
3 tasks done
frostime opened this issue Apr 15, 2023 · 0 comments
Closed
3 tasks done

Check the validity of the API moveBlock parameter previousID #8007

frostime opened this issue Apr 15, 2023 · 0 comments
Assignees
@88250
Labels
Enhancement
Milestone
2.8.5

Comments

@frostime
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Can the issue be reproduced with the default theme (daylight/midnight)?

  • I was able to reproduce the issue with the default theme

Could the issue be due to extensions?

  • I've ruled out the possibility that the extension is causing the problem.

Describe the problem

经过测试,在使用 Move API 的时候,如果 previousID 的类型为 doc,可能会导致需要移动的块直接丢失。

测试样例如下:

  1. 首先简单实现 move api
def request(route, data, token=GLOBAL_TOKEN):
    headers = {
        "Authorization": f"Token {token}",
        "Content-Type": "application/json",
    }
    response = requests.post(base_url + route, headers=headers, data=json.dumps(data))
    if response.ok:
        return response.json()
    else:
        return None

def moveBlock(id, previousID=None, parentID=None):
    data = {
        "id": id,
        "previousID": previousID,
        "parentID": parentID
    }
    return request('/api/block/moveBlock', data)

  1. 准备测试环境

    • 测试文档:20230415142506-jtkp8vu
    • 待移动块:20230415154400-wum1b1x
    • image

  2. 测试移动

src = '20230415154400-wum1b1x'
dst = '20230415142506-jtkp8vu'

moveBlock(src, previousID=dst)
  1. 块直接丢失
{'code': 0,
 'msg': '',
 'data': [{'doOperations': [{'action': 'move',
     'data': None,
     'id': '20230415154400-wum1b1x',
     'parentID': '',
     'previousID': '20230415142506-jtkp8vu',
     'nextID': '',
     'retData': None,
     'blockIDs': None,
     'deckID': '',
     'srcIDs': None,
     'name': '',
     'type': ''}],
   'undoOperations': None}]}

image

image

Expected result

可以抛出错误甚至软件崩溃都在可接受范围内,但是不能无声无息直接把块弄没了,什么提示也没有。

Screenshot or screen recording presentation

No response

Version environment

- Version: 2.8.4
- Operating System: Windows 10
- Browser (if used): 无,使用的是思源桌面版

Log file

Log 文件什么反应也没有

I 2023/04/15 16:00:40 repository.go:1077: synced data repo [provider=0, ufc=1, dfc=1, ucc=1, dcc=0, ub=44 kB, db=82 kB] in [1.52s]
I 2023/04/15 16:08:41 repository.go:1077: synced data repo [provider=0, ufc=0, dfc=1, ucc=0, dcc=0, ub=0 B, db=82 kB] in [0.23s]
I 2023/04/15 16:14:04 repository.go:1077: synced data repo [provider=0, ufc=1, dfc=1, ucc=1, dcc=0, ub=44 kB, db=82 kB] in [1.56s]
I 2023/04/15 16:15:25 repository.go:1077: synced data repo [provider=0, ufc=1, dfc=1, ucc=1, dcc=0, ub=44 kB, db=82 kB] in [1.45s]

More information

No response
@88250 88250 changed the title 「安全隐患」Move API 存在块丢失的风险 Improve API moveBlock parameter previousID compatibility Apr 17, 2023
@88250 88250 self-assigned this Apr 17, 2023
@88250 88250 added this to the 2.8.5 milestone Apr 17, 2023
@Soltus Soltus mentioned this issue Apr 17, 2023
Closed
@88250 88250 changed the title Improve API moveBlock parameter previousID compatibility Check of API moveBlock parameter previousID Apr 17, 2023
@88250 88250 changed the title Check of API moveBlock parameter previousID Check the validity of the API moveBlock parameter previousID Apr 17, 2023
88250 added a commit that referenced this issue Apr 17, 2023
@88250
🎨 Check the validity of the API moveBlock parameter previousID Fix
5014a92 
…#8007
@88250 88250 closed this as completed Apr 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@88250 88250

Labels
Enhancement
Projects
None yet
Milestone
2.8.5
Development

No branches or pull requests
2 participants
@88250 @frostime