The previous implementation of the sync untracked feature would attempt
to run multiple queries in parallel. The `knex` framework appears to use
a separate connection for each query by default (unless the queries are
tied together by a transaction). When using sqlite, there is only a
single connection available in the knex database pool, causing this
feature to deadlock (when the initial query can not return all results
immediatly).
In this change, we switch to doing all of these queries in a
transaction, which causes all quries to occur on a single connection.
* Update render.js
# Improved handling of mustache expressions and v-pre attribute assignment
## Changes Made:
- Ensured that the parent tag of such text nodes is explicitly set to a `<p>` tag with the `v-pre` attribute.
- Added debug messages for better understanding of the script execution flow [THIS SHOULD REMOVED WHEN PUSHING TO PRODUCTION].
## Why it Works:
- When a mustache expression is found, the script either wraps it in a new `<p>` tag with the `v-pre` attribute or adds the `v-pre` attribute to the existing parent `<p>` tag.
- This approach ensures that the template code is not removed but encapsulated within `<p>` tags with the `v-pre` attribute, as required.
## Test Cases Passed:
1. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>`
2. `<xyz>{{ constructor.constructor('alert(1)')() }}</xyz>`
3. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</p>`
4. `<p><xyz>{{ constructor.constructor('alert(1)')() }}</xyz></p>`
5. `<p><xyz>{{constructor.constructor('alert("Test Case 8")')()}}<xyz>{{constructor.constructor('alert("Test Case 9")')()}}</xyz></p>`
This commit enhances the robustness and reliability of handling mustache expressions and ensures proper assignment of the `v-pre` attribute, to ensure that there is no room for the weaponization of the template code later in the rendering process.
* fix: move template expressions after dom-purify + handle text nodes without parent
---------
Co-authored-by: NGPixel <github@ngpixel.com>
* feat: added implementation for group mapping in SAML strategies
---------
Co-authored-by: Abderraouf El Gasser <abderraouf.elgasser@iktos.com>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
* fix: don't push files to git if ignored
* tweak: change gitPath var to gitFilePath
* fix: "update" instead of "create" of updated file
Co-authored-by: Jacob Parker <blocckba5her@gmail.com>
Co-authored-by: DevBlocky <16978528+DevBlocky@users.noreply.github.com>
* saml auth: `authnContext` must be a list now
This fixes
this.options.authnContext.forEach is not a function
when trying to login via SAML on wiki-js 2.5.281.
Reason for that is that `authnContext` must be a list now which is
apparently a breaking change that was missed while upgrading
passport-saml[1].
Resolves#5289
[1] https://github.com/node-saml/passport-saml/pull/615
* fix(auth): split authnContext for SAML authenticaiton module
Co-authored-by: Nicolas Giard <github@ngpixel.com>
Greg Darke
Ole Christian Tvedt
Nicolas Giard
Jacob Beneski
Ethan
CDN
Jasmine Tai
aelgasser
Pablo
Jason Minard
Jaeseo Park
Andrew McFadden
matt1097
DerekJarvis
robinho81
gueldi
Eric Knibbe
Charlotte County Public Schools
Aurélien Lajoie
Sleuth56
Boris
CDN
cannorin
natsutteatsuiyone
Simon Lichtinghagen
Andrei Senchuk
adroslice
Fionera
Jared Brogan
Pam S
Hexaflexagon
Mirco T
El Gato da Great
Maximilian Bosch
Erik Bigler