Fixes

ar2rsawseen · ar2rsawseen · commit f8f91f1f78f7 · 2025-11-26T18:47:08.000+02:00
diff --git a/api/jobs/ping.js b/api/jobs/ping.js
@@ -51,7 +51,7 @@ class PingJob extends job.Job {
 
                 if (days > 0) {
                     //calculate seconds timestamp of days before today
-                    var startTs = Math.round((new Date().getTime() - (30 * 24 * 60 * 60 * 1000)) / 1000);
+                    var startTs = Math.round((new Date().getTime() - (days * 24 * 60 * 60 * 1000)) / 1000);
 
                     //sync server events - use aggregation pipeline to group by day and action on MongoDB side
                     var aggregationPipeline = [
diff --git a/api/parts/mgmt/users.js b/api/parts/mgmt/users.js
@@ -861,6 +861,9 @@ usersApi.checkNoteEditPermission = async function(params) {
                     if (error) {
                         return reject(false);
                     }
+                    if (!note) {
+                        return resolve(false);
+                    }
                     const globalAdmin = params.member.global_admin;
                     const isAppAdmin = hasAdminAccess(params.member, params.qstring.app_id);
                     const noteOwner = (note.owner + '' === params.member._id + '');
diff --git a/api/utils/common.js b/api/utils/common.js
@@ -1071,7 +1071,7 @@ common.validateArgs = function(args, argProperties, returnErrors) {
             }
 
             if (argProperties[arg]['max-length']) {
-                if (args[arg].length > argProperties[arg]['max-length']) {
+                if (args[arg] && args[arg].length > argProperties[arg]['max-length']) {
                     if (returnErrors) {
                         returnObj.errors.push("Length of " + arg + " is greater than max length value");
                         returnObj.result = false;
@@ -1084,7 +1084,7 @@ common.validateArgs = function(args, argProperties, returnErrors) {
             }
 
             if (argProperties[arg]['min-length']) {
-                if (args[arg].length < argProperties[arg]['min-length']) {
+                if (args[arg] && args[arg].length < argProperties[arg]['min-length']) {
                     if (returnErrors) {
                         returnObj.errors.push("Length of " + arg + " is lower than min length value");
                         returnObj.result = false;
diff --git a/plugins/alerts/api/api.js b/plugins/alerts/api/api.js
@@ -193,6 +193,10 @@ const PERIOD_TO_TEXT_EXPRESSION_MAPPER = {
 
         validateCreate(params, FEATURE_NAME, function() {
             let alertConfig = params.qstring.alert_config;
+            if (!alertConfig) {
+                common.returnMessage(params, 400, 'Missing alert_config');
+                return;
+            }
             try {
                 alertConfig = JSON.parse(alertConfig);
                 var checkProps = {
diff --git a/plugins/compliance-hub/api/api.js b/plugins/compliance-hub/api/api.js
@@ -136,7 +136,7 @@ const FEATURE_NAME = 'compliance_hub';
         case 'current': {
             if (!params.qstring.app_id) {
                 common.returnMessage(params, 400, 'Missing parameter "app_id"');
-                return false;
+                return true;
             }
             validateRead(params, FEATURE_NAME, function() {
                 var query = params.qstring.query || {};
@@ -157,7 +157,7 @@ const FEATURE_NAME = 'compliance_hub';
         case 'search': {
             if (!params.qstring.app_id) {
                 common.returnMessage(params, 400, 'Missing parameter "app_id"');
-                return false;
+                return true;
             }
             validateRead(params, FEATURE_NAME, function() {
                 var query = params.qstring.query || {};
@@ -279,7 +279,7 @@ const FEATURE_NAME = 'compliance_hub';
         case 'consents': {
             if (!params.qstring.app_id) {
                 common.returnMessage(params, 400, 'Missing parameter "app_id"');
-                return false;
+                return true;
             }
             validateRead(params, FEATURE_NAME, function() {
                 appUsers.count(params.qstring.app_id, {}, function(err, total) {
diff --git a/plugins/reports/api/api.js b/plugins/reports/api/api.js
@@ -94,6 +94,8 @@ const FEATURE_NAME = 'reports';
             }
             catch (SyntaxError) {
                 console.log('Parse ' + paramsInstance.qstring.args + ' JSON failed');
+                common.returnMessage(paramsInstance, 400, 'Invalid JSON in args');
+                return true;
             }
         }
 
@@ -218,6 +220,8 @@ const FEATURE_NAME = 'reports';
             }
             catch (SyntaxError) {
                 console.log('Parse ' + paramsInstance.qstring.args + ' JSON failed');
+                common.returnMessage(paramsInstance, 400, 'Invalid JSON in args');
+                return true;
             }
         }
         const recordUpdateOrDeleteQuery = function(params, recordID) {
@@ -256,6 +260,11 @@ const FEATURE_NAME = 'reports';
 
                 // TODO: handle report type check
 
+                if (!props.apps || !Array.isArray(props.apps) || props.apps.length === 0) {
+                    common.returnMessage(params, 400, 'Invalid or missing apps');
+                    return;
+                }
+
                 let userApps = getUserApps(params.member);
                 let notPermitted = false;
                 for (var i = 0; i < props.apps.length; i++) {

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,8 @@ const FEATURE_NAME = 'reports';`
`94`	`94`	`}`
`95`	`95`	`catch (SyntaxError) {`
`96`	`96`	`console.log('Parse ' + paramsInstance.qstring.args + ' JSON failed');`
	`97`	`+ common.returnMessage(paramsInstance, 400, 'Invalid JSON in args');`
	`98`	`+ return true;`
`97`	`99`	`}`
`98`	`100`	`}`
`99`	`101`
`@@ -218,6 +220,8 @@ const FEATURE_NAME = 'reports';`
`218`	`220`	`}`
`219`	`221`	`catch (SyntaxError) {`
`220`	`222`	`console.log('Parse ' + paramsInstance.qstring.args + ' JSON failed');`
	`223`	`+ common.returnMessage(paramsInstance, 400, 'Invalid JSON in args');`
	`224`	`+ return true;`
`221`	`225`	`}`
`222`	`226`	`}`
`223`	`227`	`const recordUpdateOrDeleteQuery = function(params, recordID) {`
`@@ -256,6 +260,11 @@ const FEATURE_NAME = 'reports';`
`256`	`260`
`257`	`261`	`// TODO: handle report type check`
`258`	`262`
	`263`	`+ if (!props.apps \|\| !Array.isArray(props.apps) \|\| props.apps.length === 0) {`
	`264`	`+ common.returnMessage(params, 400, 'Invalid or missing apps');`
	`265`	`+ return;`
	`266`	`+ }`
	`267`	`+`
`259`	`268`	`let userApps = getUserApps(params.member);`
`260`	`269`	`let notPermitted = false;`
`261`	`270`	`for (var i = 0; i < props.apps.length; i++) {`