Merge remote-tracking branch 'refs/remotes/origin/master' into develop

package.json

@@ -67,7 +67,7 @@
     "nodebb-plugin-spam-be-gone": "0.5.1",
     "nodebb-rewards-essentials": "0.0.9",
     "nodebb-theme-lavender": "4.1.1",
-    "nodebb-theme-persona": "6.1.3",
+    "nodebb-theme-persona": "6.1.4",
     "nodebb-theme-slick": "1.1.1",
     "nodebb-theme-vanilla": "7.1.2",
     "nodebb-widget-essentials": "3.0.7",

public/language/en-GB/unread.json

@@ -10,5 +10,6 @@
 	"all-topics": "All Topics",
 	"new-topics": "New Topics",
 	"watched-topics": "Watched Topics",
-	"unreplied-topics": "Unreplied Topics"
+	"unreplied-topics": "Unreplied Topics",
+	"multiple-categories-selected": "Multiple Selected"
 }

public/language/nl/notifications.json

@@ -20,24 +20,24 @@
     "my-flags": "Markeringen toegewezen aan mij",
     "bans": "Bans",
     "new_message_from": "Nieuw bericht van <strong>%1</strong>",
-    "upvoted_your_post_in": "<strong>%1</strong> heeft voor een bericht gestemd in <strong>%2</strong>.",
-    "upvoted_your_post_in_dual": "<strong>%1</strong> en <strong>%2</strong> hebben voor een bericht in gestemd in <strong>%3</strong>.",
-    "upvoted_your_post_in_multiple": "<strong>%1</strong> en %2 andere hebben in gestemd in <strong>%3</strong>.",
+    "upvoted_your_post_in": "<strong>%1</strong> heeft voor je bericht gestemd in <strong>%2</strong>.",
+    "upvoted_your_post_in_dual": "<strong>%1</strong> en <strong>%2</strong> hebben voor je bericht gestemd in <strong>%3</strong>.",
+    "upvoted_your_post_in_multiple": "<strong>%1</strong> en %2 anderen hebben voor je bericht gestemd in <strong>%3</strong>.",
     "moved_your_post": "<strong>%1</strong> heeft je bericht verplaatst naar <strong>%2</strong>",
     "moved_your_topic": "<strong>%1</strong> heeft <strong>%2</strong> verplaatst",
     "user_flagged_post_in": "<strong>%1</strong> rapporteerde een bericht in <strong>%2</strong>",
-    "user_flagged_post_in_dual": "<strong>%1</strong> en <strong>%2</strong> rapporteerde een bericht in <strong>%3</strong>",
-    "user_flagged_post_in_multiple": "<strong>%1</strong> en %2 andere rapporteede een bericht in <strong>%3</strong>",
+    "user_flagged_post_in_dual": "<strong>%1</strong> en <strong>%2</strong> rapporteerden een bericht in <strong>%3</strong>",
+    "user_flagged_post_in_multiple": "<strong>%1</strong> en %2 anderen rapporteerden een bericht in <strong>%3</strong>",
     "user_flagged_user": "<strong>%1</strong> markeerde een gebruikersprofiel (%2)",
     "user_flagged_user_dual": "<strong>%1</strong> en <strong>%2</strong> markeerden een gebruikersprofiel (%3)",
-    "user_flagged_user_multiple": "<strong>%1</strong> en %2 anderen markeerde een gebruikersprofiel (%3)",
-    "user_posted_to": "<strong>%1</strong> heeft een reactie geplaatst in <strong>%2</strong>",
+    "user_flagged_user_multiple": "<strong>%1</strong> en %2 anderen markeerden een gebruikersprofiel (%3)",
+    "user_posted_to": "<strong>%1</strong> heeft een reactie geplaatst in: <strong>%2</strong>",
     "user_posted_to_dual": "<strong>%1</strong> en <strong>%2</strong> hebben een reactie geplaatst in: <strong>%3</strong>",
     "user_posted_to_multiple": "<strong>%1</strong> en %2 hebben een reactie geplaatst in: <strong>%3</strong>",
     "user_posted_topic": "<strong>%1</strong> heeft een nieuw onderwerp geplaatst: <strong>%2</strong>",
     "user_started_following_you": "<strong>%1</strong> volgt jou nu.",
     "user_started_following_you_dual": "<strong>%1</strong> en <strong>%2</strong> volgen jou nu.",
-    "user_started_following_you_multiple": "<strong%1>%1</strong> en %2 andere volgen jou nu.",
+    "user_started_following_you_multiple": "<strong>%1</strong> en %2 anderen volgen jou nu.",
     "new_register": "<strong>%1</strong> heeft een registratie verzoek aangevraagd.",
     "new_register_multiple": "Er is/zijn <strong>%1</strong> registratieverzoek(en) die wacht(en) op goedkeuring.",
     "flag_assigned_to_you": "<strong>Flag %1</strong> is aan u toegewezen",

public/src/client/recent.js

@@ -18,6 +18,8 @@ define('forum/recent', ['forum/infinitescroll', 'components'], function (infinit
 
 		Recent.watchForNewPosts();
 
+		Recent.handleCategorySelection();
+
 		$('#new-topics-alert').on('click', function () {
 			$(this).addClass('hide');
 		});
@@ -38,7 +40,7 @@ define('forum/recent', ['forum/infinitescroll', 'components'], function (infinit
 	};
 
 	function onNewTopic(data) {
-		if (ajaxify.data.selectedCategory && parseInt(ajaxify.data.selectedCategory.cid, 10) !== parseInt(data.cid, 10)) {
+		if (ajaxify.data.selectedCids && ajaxify.data.selectedCids.indexOf(parseInt(data.cid, 10)) === -1) {
 			return;
 		}
 
@@ -64,7 +66,7 @@ define('forum/recent', ['forum/infinitescroll', 'components'], function (infinit
 			return;
 		}
 
-		if (ajaxify.data.selectedCategory && parseInt(ajaxify.data.selectedCategory.cid, 10) !== parseInt(post.topic.cid, 10)) {
+		if (ajaxify.data.selectedCids && ajaxify.data.selectedCids.indexOf(parseInt(post.topic.cid, 10)) === -1) {
 			return;
 		}
 
@@ -87,6 +89,56 @@ define('forum/recent', ['forum/infinitescroll', 'components'], function (infinit
 		showAlert();
 	}
 
+	Recent.handleCategorySelection = function () {
+		function getSelectedCids() {
+			var cids = [];
+			$('[component="category/list"] [data-cid]').each(function (index, el) {
+				if ($(el).find('i.fa-check').length) {
+					cids.push(parseInt($(el).attr('data-cid'), 10));
+				}
+			});
+			cids.sort(function (a, b) {
+				return a - b;
+			});
+			return cids;
+		}
+
+		$('[component="category/dropdown"]').on('hidden.bs.dropdown', function () {
+			var cids = getSelectedCids();
+			var changed = ajaxify.data.selectedCids.length !== cids.length;
+			ajaxify.data.selectedCids.forEach(function (cid, index) {
+				if (cid !== cids[index]) {
+					changed = true;
+				}
+			});
+
+			if (changed) {
+				var url = ajaxify.data.selectedFilter.url;
+				if (cids.length) {
+					url += '?' + decodeURIComponent($.param({ cid: cids }));
+				}
+				ajaxify.go(url);
+			}
+		});
+
+		$('[component="category/list"]').on('click', '[data-cid]', function (ev) {
+			function selectChildren(parentCid, flag) {
+				$('[component="category/list"] [data-parent-cid="' + parentCid + '"] [component="category/select/icon"]').toggleClass('fa-check', flag);
+				$('[component="category/list"] [data-parent-cid="' + parentCid + '"]').each(function (index, el) {
+					selectChildren($(el).attr('data-cid'), flag);
+				});
+			}
+			var categoryEl = $(this);
+			var cid = $(this).attr('data-cid');
+			if (ev.ctrlKey) {
+				selectChildren(cid, !categoryEl.find('[component="category/select/icon"]').hasClass('fa-check'));
+			}
+			categoryEl.find('[component="category/select/icon"]').toggleClass('fa-check');
+			$('[component="category/list"] li').first().find('i').toggleClass('fa-check', !getSelectedCids().length);
+			return false;
+		});
+	};
+
 	Recent.removeListeners = function () {
 		socket.removeListener('event:new_topic', onNewTopic);
 		socket.removeListener('event:new_post', onNewPost);

public/src/client/unread.js

@@ -19,6 +19,8 @@ define('forum/unread', ['forum/recent', 'topicSelect', 'forum/infinitescroll', '
 
 		recent.watchForNewPosts();
 
+		recent.handleCategorySelection();
+
 		$(window).trigger('action:topics.loaded', { topics: ajaxify.data.topics });
 
 		$('#markSelectedRead').on('click', function () {
@@ -88,12 +90,11 @@ define('forum/unread', ['forum/recent', 'topicSelect', 'forum/infinitescroll', '
 			if (direction < 0 || !$('[component="category"]').length) {
 				return;
 			}
-			var params = utils.params();
-			var cid = params.cid;
+
 			infinitescroll.loadMore('topics.loadMoreUnreadTopics', {
 				after: $('[component="category"]').attr('data-nextstart'),
 				count: config.topicsPerPage,
-				cid: cid,
+				cid: utils.params().cid,
 				filter: ajaxify.data.selectedFilter.filter,
 			}, function (data, done) {
 				if (data.topics && data.topics.length) {

src/categories/recentreplies.js

@@ -91,11 +91,8 @@ module.exports = function (Categories) {
 				db.getSortedSetsMembers(keys, next);
 			},
 			function (results, next) {
-				var tids = _.flatten(results);
+				var tids = _.uniq(_.flatten(results).filter(Boolean));
 
-				tids = tids.filter(function (tid, index, array) {
-					return !!tid && array.indexOf(tid) === index;
-				});
 				privileges.topics.filterTids('read', tids, uid, next);
 			},
 			function (tids, next) {

src/controllers/helpers.js

@@ -179,6 +179,9 @@ helpers.buildTitle = function (pageTitle) {
 };
 
 helpers.getWatchedCategories = function (uid, selectedCid, callback) {
+	if (selectedCid && !Array.isArray(selectedCid)) {
+		selectedCid = [selectedCid];
+	}
 	async.waterfall([
 		function (next) {
 			user.getWatchedCategories(uid, next);
@@ -193,14 +196,30 @@ helpers.getWatchedCategories = function (uid, selectedCid, callback) {
 			categoryData = categoryData.filter(function (category) {
 				return category && !category.link;
 			});
-
-			var selectedCategory;
+			var selectedCategory = [];
+			var selectedCids = [];
 			categoryData.forEach(function (category) {
-				category.selected = parseInt(category.cid, 10) === parseInt(selectedCid, 10);
+				category.selected = selectedCid ? selectedCid.indexOf(String(category.cid)) !== -1 : false;
 				if (category.selected) {
-					selectedCategory = category;
+					selectedCategory.push(category);
+					selectedCids.push(parseInt(category.cid, 10));
 				}
 			});
+			selectedCids.sort(function (a, b) {
+				return a - b;
+			});
+
+			if (selectedCategory.length > 1) {
+				selectedCategory = {
+					icon: 'fa-plus',
+					name: '[[unread:multiple-categories-selected]]',
+					bgColor: '#ddd',
+				};
+			} else if (selectedCategory.length === 1) {
+				selectedCategory = selectedCategory[0];
+			} else {
+				selectedCategory = undefined;
+			}
 
 			var categoriesData = [];
 			var tree = categories.getTree(categoryData, 0);
@@ -209,7 +228,7 @@ helpers.getWatchedCategories = function (uid, selectedCid, callback) {
 				recursive(category, categoriesData, '');
 			});
 
-			next(null, { categories: categoriesData, selectedCategory: selectedCategory });
+			next(null, { categories: categoriesData, selectedCategory: selectedCategory, selectedCids: selectedCids });
 		},
 	], callback);
 };

src/controllers/recent.js

@@ -3,7 +3,7 @@
 
 var async = require('async');
 var nconf = require('nconf');
-var validator = require('validator');
+var querystring = require('querystring');
 
 var user = require('../user');
 var topics = require('../topics');
@@ -53,6 +53,7 @@ recentController.get = function (req, res, next) {
 		function (data) {
 			data.categories = categoryData.categories;
 			data.selectedCategory = categoryData.selectedCategory;
+			data.selectedCids = categoryData.selectedCids;
 			data.nextStart = stop + 1;
 			data.set = 'topics:recent';
 			data['feeds:disableRSS'] = parseInt(meta.config['feeds:disableRSS'], 10) === 1;
@@ -74,7 +75,8 @@ recentController.get = function (req, res, next) {
 				data.breadcrumbs = helpers.buildBreadcrumbs([{ text: '[[recent:title]]' }]);
 			}
 
-			data.querystring = cid ? ('?cid=' + validator.escape(String(cid))) : '';
+			data.querystring = cid ? '?' + querystring.stringify({ cid: cid }) : '';
+
 			res.render('recent', data);
 		},
 	], next);

src/controllers/unread.js

@@ -3,7 +3,6 @@
 
 var async = require('async');
 var querystring = require('querystring');
-var validator = require('validator');
 
 var pagination = require('../pagination');
 var user = require('../user');
@@ -64,6 +63,7 @@ unreadController.get = function (req, res, next) {
 
 			data.categories = results.watchedCategories.categories;
 			data.selectedCategory = results.watchedCategories.selectedCategory;
+			data.selectedCids = results.watchedCategories.selectedCids;
 
 			if (req.path.startsWith('/api/unread') || req.path.startsWith('/unread')) {
 				data.breadcrumbs = helpers.buildBreadcrumbs([{ text: '[[unread:title]]' }]);
@@ -76,8 +76,7 @@ unreadController.get = function (req, res, next) {
 				return filter && filter.selected;
 			});
 
-			data.querystring = cid ? ('?cid=' + validator.escape(String(cid))) : '';
-
+			data.querystring = cid ? '?' + querystring.stringify({ cid: cid }) : '';
 			res.render('unread', data);
 		},
 	], next);

src/messaging.js

@@ -72,11 +72,15 @@ function canGet(hook, callerUid, uid, callback) {
 }
 
 Messaging.parse = function (message, fromuid, uid, roomId, isNew, callback) {
+	message = S(message).stripTags().decodeHTMLEntities().s;
+	message = validator.escape(String(message));
+
 	plugins.fireHook('filter:parse.raw', message, function (err, parsed) {
 		if (err) {
 			return callback(err);
 		}
 
+
 		var messageData = {
 			message: message,
 			parsed: parsed,

src/meta/blacklist.js

@@ -65,6 +65,9 @@ Blacklist.test = function (clientIp, callback) {
 	// Some handy test addresses
 	// clientIp = '2001:db8:85a3:0:0:8a2e:370:7334';	// IPv6
 	// clientIp = '127.0.15.1';	// IPv4
+	// clientIp = '127.0.15.1:3443'; // IPv4 with port strip port to not fail
+	clientIp = clientIp.split(':').length === 2 ? clientIp.split(':')[0] : clientIp;
+
 	var addr = ipaddr.parse(clientIp);
 
 	if (

src/middleware/admin.js

@@ -5,6 +5,7 @@ var winston = require('winston');
 var user = require('../user');
 var meta = require('../meta');
 var plugins = require('../plugins');
+var jsesc = require('jsesc');
 
 var controllers = {
 	api: require('../controllers/api'),
@@ -73,11 +74,11 @@ module.exports = function (middleware) {
 
 				var templateValues = {
 					config: results.config,
-					configJSON: JSON.stringify(results.config),
+					configJSON: jsesc(JSON.stringify(results.config), { isScriptContext: true }),
 					relative_path: results.config.relative_path,
 					adminConfigJSON: encodeURIComponent(JSON.stringify(results.configs)),
 					user: userData,
-					userJSON: JSON.stringify(userData).replace(/'/g, "\\'"),
+					userJSON: jsesc(JSON.stringify(userData), { isScriptContext: true }),
 					plugins: results.custom_header.plugins,
 					authentication: results.custom_header.authentication,
 					scripts: results.scripts,

src/posts/queue.js

@@ -8,6 +8,7 @@ var meta = require('../meta');
 var topics = require('../topics');
 var notifications = require('../notifications');
 var privileges = require('../privileges');
+var plugins = require('../plugins');
 var socketHelpers = require('../socket.io/helpers');
 
 module.exports = function (Posts) {
@@ -18,7 +19,14 @@ module.exports = function (Posts) {
 			},
 			function (userData, next) {
 				var shouldQueue = parseInt(meta.config.postQueue, 10) === 1 && (!parseInt(uid, 10) || (parseInt(userData.reputation, 10) <= 0 && parseInt(userData.postcount, 10) <= 0));
-				next(null, shouldQueue);
+				plugins.fireHook('filter:post.shouldQueue', {
+					shouldQueue: shouldQueue,
+					uid: uid,
+					data: data,
+				}, next);
+			},
+			function (result, next) {
+				next(null, result.shouldQueue);
 			},
 		], callback);
 	};

src/topics/recent.js

@@ -3,11 +3,11 @@
 'use strict';
 
 var async = require('async');
+
 var db = require('../database');
 var plugins = require('../plugins');
 var privileges = require('../privileges');
 var user = require('../user');
-var categories = require('../categories');
 var meta = require('../meta');
 
 module.exports = function (Topics) {
@@ -23,22 +23,15 @@ module.exports = function (Topics) {
 			nextStart: 0,
 			topics: [],
 		};
-
+		if (cid && !Array.isArray(cid)) {
+			cid = [cid];
+		}
 		async.waterfall([
 			function (next) {
-				if (cid) {
-					categories.getTopicIds({
-						cid: cid,
-						start: 0,
-						stop: 199,
-						sort: 'newest_to_oldest',
-					}, next);
-				} else {
-					db.getSortedSetRevRange('topics:recent', 0, 199, next);
-				}
+				db.getSortedSetRevRange('topics:recent', 0, 199, next);
 			},
 			function (tids, next) {
-				filterTids(tids, uid, filter, next);
+				filterTids(tids, uid, filter, cid, next);
 			},
 			function (tids, next) {
 				recentTopics.topicCount = tids.length;
@@ -53,8 +46,7 @@ module.exports = function (Topics) {
 		], callback);
 	};
 
-
-	function filterTids(tids, uid, filter, callback) {
+	function filterTids(tids, uid, filter, cid, callback) {
 		async.waterfall([
 			function (next) {
 				if (filter === 'watched') {
@@ -84,9 +76,10 @@ module.exports = function (Topics) {
 				}, next);
 			},
 			function (results, next) {
+				cid = cid && cid.map(String);
 				tids = results.topicData.filter(function (topic) {
 					if (topic && topic.cid) {
-						return results.ignoredCids.indexOf(topic.cid.toString()) === -1;
+						return results.ignoredCids.indexOf(topic.cid.toString()) === -1 && (!cid || (cid.length && cid.indexOf(topic.cid.toString()) !== -1));
 					}
 					return false;
 				}).map(function (topic) {

src/topics/unread.js

@@ -75,6 +75,10 @@ module.exports = function (Topics) {
 
 		var cutoff = params.cutoff || Topics.unreadCutoff();
 
+		if (params.cid && !Array.isArray(params.cid)) {
+			params.cid = [params.cid];
+		}
+
 		async.waterfall([
 			function (next) {
 				async.parallel({
@@ -181,10 +185,11 @@ module.exports = function (Topics) {
 			},
 			function (results, next) {
 				var topics = results.topics;
+				cid = cid && cid.map(String);
 				tids = topics.filter(function (topic, index) {
 					return topic && topic.cid &&
 						(!!results.isTopicsFollowed[index] || results.ignoredCids.indexOf(topic.cid.toString()) === -1) &&
-						(!cid || parseInt(cid, 10) === parseInt(topic.cid, 10));
+						(!cid || (cid.length && cid.indexOf(String(topic.cid)) !== -1));
 				}).map(function (topic) {
 					return topic.tid;
 				});

src/widgets/index.js

@@ -218,34 +218,31 @@ widgets.reset = function (callback) {
 };
 
 widgets.resetTemplate = function (template, callback) {
-	db.getObject('widgets:' + template + '.tpl', function (err, area) {
-		if (err) {
-			return callback();
-		}
-
-		var toBeDrafted = [];
-		for (var location in area) {
-			if (area.hasOwnProperty(location)) {
-				toBeDrafted = toBeDrafted.concat(JSON.parse(area[location]));
-			}
-		}
-
-		db.delete('widgets:' + template + '.tpl');
-		db.getObjectField('widgets:global', 'drafts', function (err, draftWidgets) {
-			if (err) {
-				return callback();
+	var toBeDrafted = [];
+	async.waterfall([
+		function (next) {
+			db.getObject('widgets:' + template + '.tpl', next);
+		},
+		function (area, next) {
+			for (var location in area) {
+				if (area.hasOwnProperty(location)) {
+					toBeDrafted = toBeDrafted.concat(JSON.parse(area[location]));
+				}
 			}
-
+			db.delete('widgets:' + template + '.tpl', next);
+		},
+		function (next) {
+			db.getObjectField('widgets:global', 'drafts', next);
+		},
+		function (draftWidgets, next) {
 			draftWidgets = JSON.parse(draftWidgets).concat(toBeDrafted);
-			db.setObjectField('widgets:global', 'drafts', JSON.stringify(draftWidgets), callback);
-		});
-	});
+			db.setObjectField('widgets:global', 'drafts', JSON.stringify(draftWidgets), next);
+		},
+	], callback);
 };
 
 widgets.resetTemplates = function (templates, callback) {
-	async.eachSeries(templates, function (template, next) {
-		widgets.resetTemplate(template, next);
-	}, callback);
+	async.eachSeries(templates, widgets.resetTemplate, callback);
 };
 
 module.exports = widgets;

test/controllers-admin.js

@@ -578,4 +578,33 @@ describe('Admin Controllers', function () {
 			});
 		});
 	});
+
+	it('should escape special characters in config', function (done) {
+		var plugins = require('../src/plugins');
+		function onConfigGet(config, callback) {
+			config.someValue = '"foo"';
+			config.otherValue = "'123'";
+			config.script = '</script>';
+			callback(null, config);
+		}
+		plugins.registerHook('somePlugin', { hook: 'filter:config.get', method: onConfigGet });
+		request(nconf.get('url') + '/admin', { jar: jar }, function (err, res, body) {
+			assert.ifError(err);
+			assert.equal(res.statusCode, 200);
+			assert(body);
+			assert(body.indexOf('"someValue":"\\\\"foo\\\\""') !== -1);
+			assert(body.indexOf('"otherValue":"\\\'123\\\'"') !== -1);
+			assert(body.indexOf('"script":"<\\/script>"') !== -1);
+			request(nconf.get('url'), { jar: jar }, function (err, res, body) {
+				assert.ifError(err);
+				assert.equal(res.statusCode, 200);
+				assert(body);
+				assert(body.indexOf('"someValue":"\\\\"foo\\\\""') !== -1);
+				assert(body.indexOf('"otherValue":"\\\'123\\\'"') !== -1);
+				assert(body.indexOf('"script":"<\\/script>"') !== -1);
+				plugins.unregisterHook('somePlugin', 'filter:config.get', onConfigGet);
+				done();
+			});
+		});
+	});
 });

test/controllers.js

@@ -702,7 +702,7 @@ describe('Controllers', function () {
 				assert.ifError(err);
 				assert.equal(res.statusCode, 200);
 				assert(body.widgets);
-				assert.equal(Object.keys(body.widgets), 0);
+				assert.equal(Object.keys(body.widgets).length, 0);
 				done();
 			});
 		});
@@ -717,6 +717,19 @@ describe('Controllers', function () {
 				done();
 			});
 		});
+
+		it('should reset templates', function (done) {
+			widgets.resetTemplates(['categories', 'category'], function (err) {
+				assert.ifError(err);
+				request(nconf.get('url') + '/api/categories', { json: true }, function (err, res, body) {
+					assert.ifError(err);
+					assert.equal(res.statusCode, 200);
+					assert(body.widgets);
+					assert.equal(Object.keys(body.widgets).length, 0);
+					done();
+				});
+			});
+		});
 	});
 
 	describe('tags', function () {

test/topics.js

@@ -1133,7 +1133,7 @@ describe('Topic\'s', function () {
 			});
 		});
 
-		it('should mark all read', function (done) {
+		it('should mark category topics read', function (done) {
 			socketTopics.markUnread({ uid: adminUid }, tid, function (err) {
 				assert.ifError(err);
 				socketTopics.markCategoryTopicsRead({ uid: adminUid }, topic.categoryId, function (err) {