From 7f4400961793aedb29da39d84e6773ecb0a0f5ee Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Thu, 8 Apr 2021 13:04:12 +0200
Subject: [PATCH] Better validation function in decrees

---
 lib/decrees.js | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/decrees.js b/lib/decrees.js
index 9ee294608..09bf1926e 100644
--- a/lib/decrees.js
+++ b/lib/decrees.js
@@ -129,13 +129,19 @@ commands.SET_ACCOUNT_RETENTION_TIME = makeIntegerSetter('accountRetentionTime');
 var args_isString = function (args) {
     return Array.isArray(args) && typeof(args[0]) === "string";
 };
+
+// Maintenance: Empty string or an object with a start and end time
+var isNumber = function (value) {
+    return typeof(value) === "number" && !isNaN(value);
+};
 var args_isMaintenance = function (args) {
-    return Array.isArray(args) && args[0] && args[0].end && args[0].start; // XXX we could validate that these are numbers && !isNaN
+    return Array.isArray(args) && args[0] &&
+        (args[0] === "" || (isNumber(args[0].end) && isNumber(args[0].start)));
 };
 
-var makeBroadcastSetter = function (attr) { // XXX could pass extra validation here?
+var makeBroadcastSetter = function (attr, validation) {
     return function (Env, args) {
-        if (!args_isString(args) && !args_isMaintenance(args)) {
+        if ((validation && !validation(args)) || !args_isString(args)) {
             throw new Error('INVALID_ARGS');
         }
         var str = args[0];
@@ -154,7 +160,7 @@ commands.SET_SURVEY_URL = makeBroadcastSetter('surveyURL'); // XXX anticipate la
 
 // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['SET_MAINTENANCE', [{start: +Date, end: +Date}]]], console.log)
 // CryptPad_AsyncStore.rpc.send('ADMIN', [ 'ADMIN_DECREE', ['SET_MAINTENANCE', [""]]], console.log)
-commands.SET_MAINTENANCE = makeBroadcastSetter('maintenance');
+commands.SET_MAINTENANCE = makeBroadcastSetter('maintenance', args_isMaintenance);
 
 var Quota = require("./commands/quota");
 var Keys = require("./keys");