Barış Soner Uşaklı 7 years ago
parent ce3e1f31ab
commit 056e4f0601

@ -44,6 +44,7 @@
"ipaddr.js": "^1.5.4", "ipaddr.js": "^1.5.4",
"jimp": "0.2.28", "jimp": "0.2.28",
"jquery": "^3.2.1", "jquery": "^3.2.1",
"jsesc": "2.5.1",
"json-2-csv": "^2.1.2", "json-2-csv": "^2.1.2",
"less": "^2.7.2", "less": "^2.7.2",
"lodash": "^4.17.4", "lodash": "^4.17.4",

@ -2,6 +2,7 @@
var async = require('async'); var async = require('async');
var nconf = require('nconf'); var nconf = require('nconf');
var jsesc = require('jsesc');
var db = require('../database'); var db = require('../database');
var user = require('../user'); var user = require('../user');
@ -60,7 +61,7 @@ module.exports = function (middleware) {
bodyClass: data.bodyClass, bodyClass: data.bodyClass,
}; };
templateValues.configJSON = JSON.stringify(res.locals.config).replace(/\\"/g, '\\\\"').replace(/'/g, '\\\'').replace(/<\//g, '<\\/'); templateValues.configJSON = jsesc(JSON.stringify(res.locals.config), { isScriptContext: true });
async.waterfall([ async.waterfall([
function (next) { function (next) {
@ -127,7 +128,7 @@ module.exports = function (middleware) {
results.user.isGlobalMod = results.isGlobalMod; results.user.isGlobalMod = results.isGlobalMod;
results.user.isMod = !!results.isModerator; results.user.isMod = !!results.isModerator;
results.user.uid = parseInt(results.user.uid, 10); results.user.uid = parseInt(results.user.uid, 10);
results.user.email = String(results.user.email).replace(/\\/g, '\\\\').replace(/"/g, '\\"'); results.user.email = String(results.user.email);
results.user['email:confirmed'] = parseInt(results.user['email:confirmed'], 10) === 1; results.user['email:confirmed'] = parseInt(results.user['email:confirmed'], 10) === 1;
results.user.isEmailConfirmSent = !!results.isEmailConfirmSent; results.user.isEmailConfirmSent = !!results.isEmailConfirmSent;
@ -141,7 +142,7 @@ module.exports = function (middleware) {
templateValues.isGlobalMod = results.user.isGlobalMod; templateValues.isGlobalMod = results.user.isGlobalMod;
templateValues.showModMenu = results.user.isAdmin || results.user.isGlobalMod || results.user.isMod; templateValues.showModMenu = results.user.isAdmin || results.user.isGlobalMod || results.user.isMod;
templateValues.user = results.user; templateValues.user = results.user;
templateValues.userJSON = JSON.stringify(results.user); templateValues.userJSON = jsesc(JSON.stringify(results.user), { isScriptContext: true });
templateValues.useCustomCSS = parseInt(meta.config.useCustomCSS, 10) === 1 && meta.config.customCSS; templateValues.useCustomCSS = parseInt(meta.config.useCustomCSS, 10) === 1 && meta.config.customCSS;
templateValues.customCSS = templateValues.useCustomCSS ? (meta.config.renderedCustomCSS || '') : ''; templateValues.customCSS = templateValues.useCustomCSS ? (meta.config.renderedCustomCSS || '') : '';
templateValues.useCustomJS = parseInt(meta.config.useCustomJS, 10) === 1; templateValues.useCustomJS = parseInt(meta.config.useCustomJS, 10) === 1;
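Review bot: The two `jsesc(JSON.stringify(...), { isScriptContext: true })` calls for `configJSON` and `userJSON` produce text that is only safe inside a single-quoted JavaScript string literal, because jsesc by default escapes `'`, leaves `"` alone, and returns the string contents without surrounding quotes. The template that consumes these values is not part of this diff, so I would state the coupling at the call site, e.g. `// escaped for a single-quoted JS string inside <script>; the template must wrap it in '...'`, and pass `quotes: 'single'` explicitly. Separately, dropping the manual escaping of `results.user.email` also changes what `templateValues.user` carries, so any template that prints `user.email` outside `userJSON` should be checked to rely on the template engine's own escaping. The enclosing function starts and ends outside these hunks.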
