From 835d4db48198ffc5fdf6da3d9b55407a14983bf5 Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Wed, 8 Apr 2015 21:16:06 -0400
Subject: [PATCH] dont add category/topic slug if user doesnt have read permission or category is disabled etc.
---
 src/controllers/categories.js | 6 +++++-
 src/controllers/topics.js | 6 +++++-
 src/middleware/middleware.js | 21 ---------------------
 src/routes/index.js | 4 ++--
 4 files changed, 12 insertions(+), 25 deletions(-)
diff --git a/src/controllers/categories.js b/src/controllers/categories.js
index 5d67fd828f..d3bc62d6a3 100644
--- a/src/controllers/categories.js
+++ b/src/controllers/categories.js
@@ -188,7 +188,7 @@ categoriesController.get = function(req, res, next) {
 return helpers.notFound(req, res);
 }
- if (cid + '/' + req.params.slug !== results.categoryData.slug) {
+ if (req.params.slug && cid + '/' + req.params.slug !== results.categoryData.slug) {
 return helpers.notFound(req, res);
 }
@@ -196,6 +196,10 @@ categoriesController.get = function(req, res, next) {
 return helpers.notAllowed(req, res);
 }
+ if (!req.params.slug && results.categoryData.slug && results.categoryData.slug !== cid + '/') {
+ return helpers.redirect(res, '/category/' + encodeURI(results.categoryData.slug));
+ }
+
 var topicIndex = utils.isNumber(req.params.topic_index) ? parseInt(req.params.topic_index, 10) - 1 : 0;
 var topicCount = parseInt(results.categoryData.topic_count, 10);
diff --git a/src/controllers/topics.js b/src/controllers/topics.js
index 7436e86c8e..b7c27324ee 100644
--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
@@ -43,7 +43,7 @@ topicsController.get = function(req, res, next) {
 function (results, next) {
 userPrivileges = results.privileges;
- if (userPrivileges.disabled || tid + '/' + req.params.slug !== results.topic.slug) {
+ if (userPrivileges.disabled || (req.params.slug && tid + '/' + req.params.slug !== results.topic.slug)) {
 return helpers.notFound(req, res);
 }
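Review bot: In src/controllers/categories.js the slug comparison at `@@ -188` still returns `helpers.notFound` ahead of the `helpers.notAllowed` return that follows it, so a caller without read access who supplies a slug appears to get a different response for a matching slug than for a wrong one, and a guessed slug can be confirmed that way. That is the same disclosure this commit removes from the redirect path. Consider moving the `req.params.slug && cid + '/' + req.params.slug !== results.categoryData.slug` test below the privilege check; the same applies to the combined condition in src/controllers/topics.js at `@@ -43`, where `userPrivileges.disabled` can stay first. The condition guarding `notAllowed` and the rest of `categoriesController.get` lie outside the hunk, so the ordering should be confirmed against the full function.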
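Review bot: The redirect added in src/controllers/categories.js at `@@ -196` is only safe because it sits after the `notAllowed` return, but nothing in the code says so, and a later refactor could move it back in front of the privilege checks. Add a comment above it such as `// Redirect to the canonical slug only after the privilege checks above, so the slug is not disclosed to users who cannot read this category.` The matching block added to src/controllers/topics.js at `@@ -51` needs the same comment. Both enclosing functions begin and end outside their hunks.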
@@ -51,6 +51,10 @@ topicsController.get = function(req, res, next) {
 return helpers.notAllowed(req, res);
 }
+ if (!req.params.slug && results.topic.slug && results.topic.slug !== tid + '/') {
+ return helpers.redirect(res, '/topic/' + encodeURI(results.topic.slug));
+ }
+
 var settings = results.settings;
 var postCount = parseInt(results.topic.postcount, 10);
 var pageCount = Math.max(1, Math.ceil((postCount - 1) / settings.postsPerPage));
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 6c03674483..92313916ce 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -84,27 +84,6 @@ middleware.redirectToLoginIfGuest = function(req, res, next) {
 }
 };
-middleware.addSlug = function(req, res, next) {
- function redirect(method, id, name) {
- method(id, 'slug', function(err, slug) {
- if (err || !slug || slug === id + '/') {
- return next(err);
- }
-
- controllers.helpers.redirect(res, name + encodeURI(slug));
- });
- }
-
- if (!req.params.slug) {
- if (req.params.category_id) {
- return redirect(categories.getCategoryField, req.params.category_id, '/category/');
- } else if (req.params.topic_id) {
- return redirect(topics.getTopicField, req.params.topic_id, '/topic/');
- }
- }
- next();
-};
-
 middleware.validateFiles = function(req, res, next) {
 if (!Array.isArray(req.files.files) || !req.files.files.length) {
 return next(new Error(['[[error:invalid-files]]']));
diff --git a/src/routes/index.js b/src/routes/index.js
index 862964dfbe..56bd177205 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -42,7 +42,7 @@ function topicRoutes(app, middleware, controllers) {
 app.get('/api/topic/teaser/:topic_id', controllers.topics.teaser);
 setupPageRoute(app, '/topic/:topic_id/:slug/:post_index?', middleware, [], controllers.topics.get);
- setupPageRoute(app, '/topic/:topic_id/:slug?', middleware, [middleware.addSlug], controllers.topics.get);
+ setupPageRoute(app, '/topic/:topic_id/:slug?', middleware, [], controllers.topics.get);
 }
 function tagRoutes(app, middleware, controllers) {
@@ -58,7 +58,7 @@ function categoryRoutes(app, middleware, controllers) {
 app.get('/api/unread/total', middleware.authenticate, controllers.categories.unreadTotal);
 setupPageRoute(app, '/category/:category_id/:slug/:topic_index', middleware, [], controllers.categories.get);
- setupPageRoute(app, '/category/:category_id/:slug?', middleware, [middleware.addSlug], controllers.categories.get);
+ setupPageRoute(app, '/category/:category_id/:slug?', middleware, [], controllers.categories.get);
 }
 function accountRoutes(app, middleware, controllers) {