fix: #7941, validate some input fields

5 years ago · 565f9726f7
parent 661a0f5068
commit 565f9726f7
2 changed files with 26 additions and 10 deletions
--- a/src/meta/configs.js
+++ b/src/meta/configs.js
@ -12,12 +12,12 @@ const Meta = require('../meta');
 const cacheBuster = require('./cacheBuster');
 const defaults = require('../../install/data/defaults');
-var Configs = module.exports;
+const Configs = module.exports;
 Meta.config = {};
 function deserialize(config) {
-	var deserialized = {};
+	const deserialized = {};
 	Object.keys(config).forEach(function (key) {
 		const defaultType = typeof defaults[key];
 		const type = typeof config[key];
@ -109,14 +109,31 @@ Configs.remove = async function (field) {
 };
 async function processConfig(data) {
 	ensurePositiveInteger(data, 'maximumUsernameLength');
 	ensurePositiveInteger(data, 'minimumUsernameLength');
 	ensurePositiveInteger(data, 'minimumPasswordLength');
 	ensurePositiveInteger(data, 'maximumAboutMeLength');
 	if (data.minimumUsernameLength > data.maximumUsernameLength) {
 		throw new Error('[[error:invalid-data]]');
 	}
 	await Promise.all([
 		saveRenderedCss(data),
 		getLogoSize(data),
 	]);
 }
 function ensurePositiveInteger(data, field) {
 	if (data.hasOwnProperty(field)) {
 		data[field] = parseInt(data[field], 10);
 		if (!(data[field] > 0)) {
 			throw new Error('[[error:invalid-data]]');
 		}
 	}
 }
 function lessRender(string, callback) {
-	var less = require('less');
+	const less = require('less');
 	less.render(string, {
 		compress: true,
 		javascriptEnabled: true,
@ -135,7 +152,7 @@ async function saveRenderedCss(data) {
 }
 async function getLogoSize(data) {
-	var image = require('../image');
+	const image = require('../image');
 	if (!data['brand:logo']) {
 		return;
 	}
--- a/src/socket.io/admin.js
+++ b/src/socket.io/admin.js
@ -164,7 +164,7 @@ SocketAdmin.config.setMultiple = async function (socket, data) {
 		throw new Error('[[error:invalid-data]]');
 	}
-	var changes = {};
+	const changes = {};
 	data = meta.configs.deserialize(data);
 	Object.keys(data).forEach(function (key) {
 		if (data[key] !== meta.config[key]) {
@ -173,10 +173,9 @@ SocketAdmin.config.setMultiple = async function (socket, data) {
 		}
 	});
 	await meta.configs.setMultiple(data);
-	var setting;
+	for (const field in data) {
 	for (var field in data) {
 		if (data.hasOwnProperty(field)) {
-			setting = {
+			const setting = {
 				key: field,
 				value: data[field],
 			};
@ -216,7 +215,7 @@ SocketAdmin.settings.clearSitemapCache = function (socket, data, callback) {
 };
 SocketAdmin.email.test = function (socket, data, callback) {
-	var payload = {
+	const payload = {
 		subject: '[[email:test-email.subject]]',
 	};
@ -338,7 +337,7 @@ SocketAdmin.deleteAllEvents = function (socket, data, callback) {
 SocketAdmin.getSearchDict = async function (socket) {
 	const settings = await user.getSettings(socket.uid);
-	var lang = settings.userLang || meta.config.defaultLang || 'en-GB';
+	const lang = settings.userLang || meta.config.defaultLang || 'en-GB';
 	return await getAdminSearchDict(lang);
 };