Skip to content

Commit 3a4473c

Browse files
mProjectsCodemProjectsCode
committed
button action line number validation
1 parent 9fd934c commit 3a4473c

File tree

2 files changed

+27
-7
lines changed

2 files changed

+27
-7
lines changed

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Obsidian Meta Bind Changelog
22

3-
# 1.0.0
3+
# 1.0.0 (UNRELEASED)
44

55
New Features
66

packages/core/src/fields/button/ButtonActionRunner.ts

Lines changed: 26 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -270,14 +270,22 @@ export class ButtonActionRunner {
270270
}
271271

272272
async runReplaceInNoteAction(action: ReplaceInNoteButtonAction, filePath: string): Promise<void> {
273-
const replacement = action.templater
274-
? await this.plugin.internal.evaluateTemplaterTemplate(action.replacement, filePath)
275-
: action.replacement;
273+
if (action.fromLine > action.toLine) {
274+
throw new Error('From line cannot be greater than to line');
275+
}
276276

277277
const content = await this.plugin.internal.readFilePath(filePath);
278278

279279
let splitContent = content.split('\n');
280280

281+
if (action.fromLine < 0 || action.toLine > splitContent.length + 1) {
282+
throw new Error('Line numbers out of bounds');
283+
}
284+
285+
const replacement = action.templater
286+
? await this.plugin.internal.evaluateTemplaterTemplate(action.replacement, filePath)
287+
: action.replacement;
288+
281289
splitContent = [
282290
...splitContent.slice(0, action.fromLine - 1),
283291
replacement,
@@ -301,14 +309,22 @@ export class ButtonActionRunner {
301309
throw new Error('Position of the button in the note is unknown');
302310
}
303311

304-
const replacement = action.templater
305-
? await this.plugin.internal.evaluateTemplaterTemplate(action.replacement, filePath)
306-
: action.replacement;
312+
if (position.lineStart > position.lineEnd) {
313+
throw new Error('Position of the button in the note is invalid');
314+
}
307315

308316
const content = await this.plugin.internal.readFilePath(filePath);
309317

310318
let splitContent = content.split('\n');
311319

320+
if (position.lineStart < 0 || position.lineEnd > splitContent.length + 1) {
321+
throw new Error('Position of the button in the note is out of bounds');
322+
}
323+
324+
const replacement = action.templater
325+
? await this.plugin.internal.evaluateTemplaterTemplate(action.replacement, filePath)
326+
: action.replacement;
327+
312328
splitContent = [
313329
...splitContent.slice(0, position.lineStart),
314330
replacement,
@@ -335,6 +351,10 @@ export class ButtonActionRunner {
335351

336352
let splitContent = content.split('\n');
337353

354+
if (action.line < 1 || action.line > splitContent.length + 1) {
355+
throw new Error('Line number out of bounds');
356+
}
357+
338358
const replacement = action.templater
339359
? await this.plugin.internal.evaluateTemplaterTemplate(action.value, filePath)
340360
: action.value;

0 commit comments

Comments
 (0)