From 754e20eb5cb43ce15b2b11cdf2c702300366daaf Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Mon, 25 Jul 2016 15:23:50 +0300
Subject: [PATCH] closes #4877

---
 src/socket.io/posts/edit.js   |  4 ++--
 src/socket.io/posts/tools.js  | 19 ++++++++++++++-----
 src/socket.io/topics/tools.js | 19 ++++++++++++++-----
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/socket.io/posts/edit.js b/src/socket.io/posts/edit.js
index e5ad7a0afb..56cddd8c6b 100644
--- a/src/socket.io/posts/edit.js
+++ b/src/socket.io/posts/edit.js
@@ -49,8 +49,8 @@ module.exports = function(SocketPosts) {
 					type: 'topic-rename',
 					uid: socket.uid,
 					ip: socket.ip,
-					oldTitle: result.topic.oldTitle,
-					newTitle: result.topic.title
+					oldTitle: validator.escape(String(result.topic.oldTitle)),
+					newTitle: validator.escape(String(result.topic.title))
 				});
 			}
 
diff --git a/src/socket.io/posts/tools.js b/src/socket.io/posts/tools.js
index 5c59b28918..bcb7e59642 100644
--- a/src/socket.io/posts/tools.js
+++ b/src/socket.io/posts/tools.js
@@ -1,8 +1,11 @@
 'use strict';
 
 var async = require('async');
+var winston = require('winston');
+var validator = require('validator');
 
 var posts = require('../../posts');
+var topics = require('../../topics');
 var events = require('../../events');
 var websockets = require('../index');
 var socketTopics = require('../topics');
@@ -106,11 +109,17 @@ module.exports = function(SocketPosts) {
 
 				websockets.in('topic_' + data.tid).emit('event:post_purged', data.pid);
 
-				events.log({
-					type: 'post-purge',
-					uid: socket.uid,
-					pid: data.pid,
-					ip: socket.ip
+				topics.getTopicField(data.tid, 'title', function(err, title) {
+					if (err) {
+						return winston.error(err);
+					}
+					events.log({
+						type: 'post-purge',
+						uid: socket.uid,
+						pid: data.pid,
+						ip: socket.ip,
+						title: validator.escape(String(title))
+					});
 				});
 
 				callback();
diff --git a/src/socket.io/topics/tools.js b/src/socket.io/topics/tools.js
index f3d9ad4688..2ba98271ae 100644
--- a/src/socket.io/topics/tools.js
+++ b/src/socket.io/topics/tools.js
@@ -1,6 +1,9 @@
 'use strict';
 
 var async = require('async');
+var winston = require('winston');
+var validator = require('validator');
+
 var topics = require('../../topics');
 var events = require('../../events');
 var privileges = require('../../privileges');
@@ -94,11 +97,17 @@ module.exports = function(SocketTopics) {
 				socketHelpers.emitToTopicAndCategory(event, data);
 
 				if (action === 'delete' || action === 'restore' || action === 'purge') {
-					events.log({
-						type: 'topic-' + action,
-						uid: socket.uid,
-						ip: socket.ip,
-						tid: tid
+					topics.getTopicField(tid, 'title', function(err, title) {
+						if (err) {
+							return winston.error(err);
+						}
+						events.log({
+							type: 'topic-' + action,
+							uid: socket.uid,
+							ip: socket.ip,
+							tid: tid,
+							title: validator.escape(String(title))
+						});
 					});
 				}