From d16c71966b119c3c456e0614e32615eb9fa0f008 Mon Sep 17 00:00:00 2001
From: caryoscelus <caryoscelus@gmx.com>
Date: Mon, 3 Jul 2023 21:19:40 +0000
Subject: [PATCH] fix ReDoS in file editor (UiFileManager plugin) due to
 outdated codemirror

just patched from updated version, ideally codemirror dependency should be
included during build stage, but there's no infrastructure for that (yet)
---
 CHANGELOG.md                                              | 3 ++-
 plugins/UiFileManager/media/codemirror/all.js             | 5 ++++-
 plugins/UiFileManager/media/codemirror/mode/javascript.js | 5 ++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fc71e22..2aa0a146 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ### zeronet-conservancy 0.7.9+
+- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus)
 
-### zeronet-conservancy 0.7.9 (2023-07-02)
+### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35)
 maintainers: @caryoscelus -> none
 - update README (build/dev instructions; thanks to @fgaz)
 - better debugging of update non-propagation
diff --git a/plugins/UiFileManager/media/codemirror/all.js b/plugins/UiFileManager/media/codemirror/all.js
index ef2a423a..4b87e42d 100644
--- a/plugins/UiFileManager/media/codemirror/all.js
+++ b/plugins/UiFileManager/media/codemirror/all.js
@@ -17366,7 +17366,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
           var kw = keywords[word]
           return ret(kw.type, kw.style, word)
         }
-        if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+	// backported ReDoS fix from
+	// https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
+	// https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+	if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
           return ret("async", "keyword", word)
       }
       return ret("variable", "variable", word)
diff --git a/plugins/UiFileManager/media/codemirror/mode/javascript.js b/plugins/UiFileManager/media/codemirror/mode/javascript.js
index 9c751d23..ba590d18 100644
--- a/plugins/UiFileManager/media/codemirror/mode/javascript.js
+++ b/plugins/UiFileManager/media/codemirror/mode/javascript.js
@@ -126,7 +126,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) {
           var kw = keywords[word]
           return ret(kw.type, kw.style, word)
         }
-        if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false))
+	// backported ReDoS fix from
+	// https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36
+	// https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+	if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false))
           return ret("async", "keyword", word)
       }
       return ret("variable", "variable", word)