escape labelColor, icon, cover:position, validate toPid

8 years ago · 4ff3d06f90
parent a043876d00
commit 4ff3d06f90
5 changed files with 26 additions and 8 deletions
--- a/public/src/modules/iconSelect.js
+++ b/public/src/modules/iconSelect.js
@ -7,13 +7,17 @@ define('iconSelect', function () {

 	iconSelect.init = function (el, onModified) {
 		onModified = onModified || function () {};
-		var doubleSize = el.hasClass('fa-2x'),
-			selected = el.attr('class').replace('fa-2x', '').replace('fa', '').replace(/\s+/g, '');
+		var doubleSize = el.hasClass('fa-2x');
+		var selected = el.attr('class').replace('fa-2x', '').replace('fa', '').replace(/\s+/g, '');

 		$('#icons .selected').removeClass('selected');

 		if (selected) {
-			$('#icons .fa-icons .fa.' + selected).addClass('selected');
+			try {
+				$('#icons .fa-icons .fa.' + selected).addClass('selected');
+			} catch (err) {
+				selected = '';
+			}			
 		}

 		templates.parse('partials/fontawesome', {}, function (html) {
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@ -139,7 +139,7 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
 			userData.moderationNote = validator.escape(String(userData.moderationNote || ''));

 			userData['cover:url'] = userData['cover:url'] || require('../../coverPhoto').getDefaultProfileCover(userData.uid);
-			userData['cover:position'] = userData['cover:position'] || '50% 50%';
+			userData['cover:position'] = validator.escape(String(userData['cover:position'] || '50% 50%'));
 			userData['username:disableEdit'] = !userData.isAdmin && parseInt(meta.config['username:disableEdit'], 10) === 1;
 			userData['email:disableEdit'] = !userData.isAdmin && parseInt(meta.config['email:disableEdit'], 10) === 1;

--- a/src/groups.js
+++ b/src/groups.js
@ -157,7 +157,9 @@ var utils = require('../public/src/utils');
 			}

 			results.base['cover:url'] = results.base['cover:url'] || require('./coverPhoto').getDefaultGroupCover(groupName);
-			results.base['cover:position'] = results.base['cover:position'] || '50% 50%';
+			results.base['cover:position'] = validator.escape(String(results.base['cover:position'] || '50% 50%'));
+			results.base.labelColor = validator.escape(String(results.base.labelColor || '#000000'));
+			results.base.icon = validator.escape(String(results.base.icon || ''));

 			plugins.fireHook('filter:parse.raw', results.base.description, function (err, descriptionParsed) {
 				if (err) {
@ -400,7 +402,8 @@ var utils = require('../public/src/utils');
 				if (group) {
 					Groups.escapeGroupData(group);
 					group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true;
-					group.labelColor = group.labelColor || '#000000';
+					group.labelColor = validator.escape(String(group.labelColor || '#000000'));
+					group.icon = validator.escape(String(group.icon || ''));
 					group.createtimeISO = utils.toISOString(group.createtime);
 					group.hidden = parseInt(group.hidden, 10) === 1;
 					group.system = parseInt(group.system, 10) === 1;
@ -409,7 +412,7 @@ var utils = require('../public/src/utils');

 					group['cover:url'] = group['cover:url'] || require('./coverPhoto').getDefaultGroupCover(group.name);
 					group['cover:thumb:url'] = group['cover:thumb:url'] || group['cover:url'];
-					group['cover:position'] = group['cover:position'] || '50% 50%';
+					group['cover:position'] = validator.escape(String(group['cover:position'] || '50% 50%'));
 				}
 			});

--- a/src/posts/create.js
+++ b/src/posts/create.js
@ -9,7 +9,7 @@ var plugins = require('../plugins');
 var user = require('../user');
 var topics = require('../topics');
 var categories = require('../categories');
-
+var utils = require('../../public/src/utils');

 module.exports = function (Posts) {

@ -24,6 +24,10 @@ module.exports = function (Posts) {
 			return callback(new Error('[[error:invalid-uid]]'));
 		}

+		if (data.toPid && !utils.isNumber(data.toPid)) {
+			return callback(new Error('[[error:invalid-pid]]'));
+		}
+
 		var postData;

 		async.waterfall([
--- a/test/topics.js
+++ b/test/topics.js
@ -152,6 +152,13 @@ describe('Topic\'s', function () {
 				done();
 			});
 		});
+
+		it('should fail to create new reply with invalid toPid', function (done) {
+			topics.reply({uid: topic.userId, content: 'test post', tid: newTopic.tid, toPid: '"onmouseover=alert(1);//'}, function (err) {
+				assert.equal(err.message, '[[error:invalid-pid]]');
+				done();
+			});
+		});
 	});

 	describe('Get methods', function () {