From 95535aa3b02982378a7f0642fb26ea7b6197eaf0 Mon Sep 17 00:00:00 2001
From: Nick <github@ngpixel.com>
Date: Wed, 2 Oct 2019 00:44:18 -0400
Subject: [PATCH] fix: prevent dots and spaces in page path during create

---
 server/helpers/error.js | 4 ++++
 server/models/pages.js  | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/server/helpers/error.js b/server/helpers/error.js
index 381430a4..7226249a 100644
--- a/server/helpers/error.js
+++ b/server/helpers/error.js
@@ -129,6 +129,10 @@ module.exports = {
     message: 'Page content cannot be empty.',
     code: 6004
   }),
+  PageIllegalPath: CustomError('PageIllegalPath', {
+    message: 'Page path cannot contains illegal characters.',
+    code: 6005
+  }),
   PageNotFound: CustomError('PageNotFound', {
     message: 'This page does not exist.',
     code: 6003
diff --git a/server/models/pages.js b/server/models/pages.js
index 6d538838..5e7f80e1 100644
--- a/server/models/pages.js
+++ b/server/models/pages.js
@@ -213,6 +213,10 @@ module.exports = class Page extends Model {
    * @returns {Promise} Promise of the Page Model Instance
    */
   static async createPage(opts) {
+    if (opts.path.indexOf('.') >= 0 || opts.path.indexOf(' ') >= 0) {
+      throw new WIKI.Error.PageIllegalPath()
+    }
+
     const dupCheck = await WIKI.models.pages.query().select('id').where('localeCode', opts.locale).where('path', opts.path).first()
     if (dupCheck) {
       throw new WIKI.Error.PageDuplicateCreate()