hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

escape group data

Browse Source
v1.18.x
Barış Soner Uşaklı 10 years ago
parent 8eab5ac402
commit 8610c44e78
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File

19
src/groups.js
Unescape Escape View File

@ -86,6 +86,7 @@ var async = require('async'),
if (!group) {
return;
}
Groups.escapeGroupData(group);
group.members = data.members[index] || [];
group.truncated = group.memberCount > data.members.length;
});
@ -171,13 +172,15 @@ var async = require('async'),
if (err) {
return callback(err);
}
results.base.name = options.escape ? validator.escape(results.base.name) : results.base.name;
results.base.description = options.escape ? validator.escape(results.base.description) : results.base.description;
if (options.escape) {
Groups.escapeGroupData(results.base);
}
results.base.descriptionParsed = descriptionParsed;
results.base.userTitle = options.escape ? validator.escape(results.base.userTitle) : results.base.userTitle;
results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true;
results.base.createtimeISO = utils.toISOString(results.base.createtime);
results.base.members = results.members.filter(Boolean);
results.base.members = results.members;
results.base.pending = results.pending.filter(Boolean);
results.base.deleted = !!parseInt(results.base.deleted, 10);
results.base.hidden = !!parseInt(results.base.hidden, 10);
@ -195,6 +198,14 @@ var async = require('async'),
});
};
Groups.escapeGroupData = function(group) {
if (group) {
group.name = validator.escape(group.name);
group.description = validator.escape(group.description);
group.userTitle = validator.escape(group.userTitle);
}
};
Groups.getByGroupslug = function(slug, options, callback) {
db.getObjectField('groupslug:groupname', slug, function(err, groupName) {
if (err) {

4
src/groups/search.js
Unescape Escape View File

@ -21,6 +21,10 @@ module.exports = function(Groups) {
groupNames = groupNames.slice(0, 100);
Groups.getGroupsData(groupNames, next);
},
function(groupsData, next) {
groupsData.forEach(Groups.escapeGroupData);
next(null, groupsData);
},
async.apply(Groups.sort, options.sort)
], callback);
};

Write Preview
Loading…
Cancel
Save