From 8ff63ba40e13d9731e3ff1d78dd847318f122c8f Mon Sep 17 00:00:00 2001 From: Chris Brame Date: Wed, 30 Jan 2019 16:26:06 -0500 Subject: [PATCH] fix(ldap): crash if no results are returned --- .snyk | 10 ++++++- src/controllers/accounts.js | 1 + .../js/angularjs/controllers/tickets.js | 26 +++++++++---------- src/settings/defaults.js | 1 + 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/.snyk b/.snyk index 1b9e7e8dd..e8021e27d 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.8.0 +version: v1.13.3 # ignores vulnerabilities until expiry date; change duration by modifying expiry date ignore: 'npm:ms:20170412': @@ -40,6 +40,14 @@ ignore: - pm2 > shelljs: reason: None given expires: '2017-06-16T22:52:26.705Z' + 'npm:mailparser:20180625': + - mailparser: + reason: None given + expires: '2019-03-01T20:00:32.980Z' + 'npm:mem:20180117': + - libnpx > yargs > os-locale > mem: + reason: None given + expires: '2019-03-01T20:00:32.980Z' # patches apply the minimum changes required to fix a vulnerability patch: 'npm:marked:20170112': diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js index 1b2bf6e0d..99775a0f5 100644 --- a/src/controllers/accounts.js +++ b/src/controllers/accounts.js @@ -221,6 +221,7 @@ accountsController.bindLdap = function (req, res) { ldap.search(searchBase, filter, function (err, results) { if (err && !res.headersSent) return res.status(400).json({ success: false, error: err }) + if (_.isUndefined(results)) return res.status(400).json({ success: false, error: 'Undefined Results' }) var entries = results.entries var foundUsers = null diff --git a/src/public/js/angularjs/controllers/tickets.js b/src/public/js/angularjs/controllers/tickets.js index 76f2f8c67..bc7208c9f 100644 --- a/src/public/js/angularjs/controllers/tickets.js +++ b/src/public/js/angularjs/controllers/tickets.js @@ -1,16 +1,16 @@ -/** - . .o8 oooo - .o8 "888 `888 - .o888oo oooo d8b oooo oooo .oooo888 .ooooo. .oooo.o 888 oooo - 888 `888""8P `888 `888 d88' `888 d88' `88b d88( "8 888 .8P' - 888 888 888 888 888 888 888ooo888 `"Y88b. 888888. - 888 . 888 888 888 888 888 888 .o o. )88b 888 `88b. - "888" d888b `V88V"V8P' `Y8bod88P" `Y8bod8P' 8""888P' o888o o888o - ======================================================================== - Created: 02/10/2015 - Author: Chris Brame - - **/ +/* + * . .o8 oooo + * .o8 "888 `888 + * .o888oo oooo d8b oooo oooo .oooo888 .ooooo. .oooo.o 888 oooo + * 888 `888""8P `888 `888 d88' `888 d88' `88b d88( "8 888 .8P' + * 888 888 888 888 888 888 888ooo888 `"Y88b. 888888. + * 888 . 888 888 888 888 888 888 .o o. )88b 888 `88b. + * "888" d888b `V88V"V8P' `Y8bod88P" `Y8bod8P' 8""888P' o888o o888o + * ======================================================================== + * Author: Chris Brame + * Updated: 1/30/19 3:05 AM + * Copyright (c) 2014-2019. All rights reserved. + */ define([ 'angular', diff --git a/src/settings/defaults.js b/src/settings/defaults.js index f4abbe65f..bbd6e401b 100644 --- a/src/settings/defaults.js +++ b/src/settings/defaults.js @@ -164,6 +164,7 @@ function ticketTypeSettingDefault (callback) { var type = _.first(types) if (!type) return callback('No Types Defined!') + if (!_.isPlainObject(type) || !_.has(type, '_id')) return callback('Invalid Type. Skipping.') // Save default ticket type var defaultTicketType = new SettingsSchema({