group escape fixes

10 years ago · 8c2fdcc77c
parent 2e1661a5e8
commit 8c2fdcc77c
6 changed files with 53 additions and 51 deletions
--- a/public/src/admin/manage/group.js
+++ b/public/src/admin/manage/group.js
@ -86,25 +86,19 @@ define('admin/manage/group', [
 		groupMembersEl.on('click', 'li[data-uid]', function() {
 			var uid = $(this).attr('data-uid');

-			socket.emit('admin.groups.get', groupName, function(err, groupObj){
-				if (err) {
-					return app.alertError(err.message);
+			bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
+				if (!confirm) {
+					return;
 				}

-				bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
-					if (!confirm) {
-						return;
+				socket.emit('admin.groups.leave', {
+					groupName: groupName,
+					uid: uid
+				}, function(err, data) {
+					if (err) {
+						return app.alertError(err.message);
 					}
-
-					socket.emit('admin.groups.leave', {
-						groupName: groupName,
-						uid: uid
-					}, function(err, data) {
-						if (err) {
-							return app.alertError(err.message);
-						}
-						groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
-					});
+					groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
 				});
 			});
 		});
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@ -249,22 +249,40 @@ accountsController.getTopics = function(req, res, next) {
 };

 accountsController.getGroups = function(req, res, next) {
-	accountsController.getBaseUser(req.params.userslug, req.uid, function(err, userData) {
-		if (err || !userData) {
+	var userData;
+	var groupsData;
+	async.waterfall([
+		function (next) {
+			accountsController.getBaseUser(req.params.userslug, req.uid, next);
+		},
+		function (_userData, next) {
+			userData = _userData;
+
+			groups.getUserGroups([userData.uid], next);
+		},
+		function (_groupsData, next) {
+			groupsData = _groupsData[0];
+			var groupNames = groupsData.map(function(group) {
+				return group.name;
+			});
+
+			groups.getMemberUsers(groupNames, 0, 3, next);
+		},
+		function (members, next) {
+			groupsData.forEach(function(group, index) {
+				group.members = members[index];
+			});
+			next();
+		}
+	], function(err) {
+		if (err) {
 			return next(err);
 		}

-		groups.getUserGroups([userData.uid], function(err, groupsData) {
-			if (err) {
-				return next(err);
-			}
-
-			userData.groups = groupsData[0];
-			userData.groups.forEach(groups.escapeGroupData);
-			userData.title = '[[pages:account/groups, ' + userData.username + ']]';
-			userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
-			res.render('account/groups', userData);
-		});
+		userData.groups = groupsData;
+		userData.title = '[[pages:account/groups, ' + userData.username + ']]';
+		userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
+		res.render('account/groups', userData);
 	});
 };

@ -375,7 +393,7 @@ accountsController.accountEdit = function(req, res, callback) {
 		}

 		userData['username:disableEdit'] = parseInt(meta.config['username:disableEdit'], 10) === 1;
-		
+
 		userData.hasPassword = !!password;
 		userData.title = '[[pages:account/edit, ' + userData.username + ']]';
 		userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]);
--- a/src/controllers/admin/groups.js
+++ b/src/controllers/admin/groups.js
@ -34,7 +34,6 @@ groupsController.list = function(req, res, next) {
 			groups.getGroupsData(groupNames, next);
 		},
 		function(groupData, next) {
-			groupData.forEach(groups.escapeGroupData);
 			next(null, {groups: groupData, pagination: pagination.create(page, pageCount)});
 		}
 	], function(err, data) {
@ -43,10 +42,10 @@ groupsController.list = function(req, res, next) {
 		}

 		res.render('admin/manage/groups', {
-	 		groups: data.groups,
-	 		pagination: data.pagination,
-	 		yourid: req.user.uid
-	 	});
+			groups: data.groups,
+			pagination: data.pagination,
+			yourid: req.user.uid
+		});
 	});
 };

--- a/src/groups.js
+++ b/src/groups.js
@ -88,7 +88,7 @@ var async = require('async'),
 		db.getSortedSetRevRange(set, start, stop, callback);
 	};

-	Groups.getGroupsAndMembers = function(groupNames, callback) {	
+	Groups.getGroupsAndMembers = function(groupNames, callback) {
 		async.parallel({
 			groups: function(next) {
 				Groups.getGroupsData(groupNames, next);
@ -100,11 +100,12 @@ var async = require('async'),
 			if (err) {
 				return callback(err);
 			}
+
 			data.groups.forEach(function(group, index) {
 				if (!group) {
 					return;
 				}
-				Groups.escapeGroupData(group);
+
 				group.members = data.members[index] || [];
 				group.truncated = group.memberCount > data.members.length;
 			});
@ -118,7 +119,6 @@ var async = require('async'),
 			return callback(new Error('[[error:invalid-group]]'));
 		}

-		options.escape = options.hasOwnProperty('escape') ? options.escape : true;
 		var stop = -1;

 		async.parallel({
@ -174,9 +174,7 @@ var async = require('async'),
 					return callback(err);
 				}

-				if (options.escape) {
-					Groups.escapeGroupData(results.base);
-				}
+				Groups.escapeGroupData(results.base);

 				results.base.descriptionParsed = descriptionParsed;
 				results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true;
@ -401,7 +399,7 @@ var async = require('async'),

 			groupData.forEach(function(group) {
 				if (group) {
-					group.userTitle = validator.escape(group.userTitle) || validator.escape(group.name);
+					Groups.escapeGroupData(group);
 					group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true;
 					group.labelColor = group.labelColor || '#000000';
 					group.createtimeISO = utils.toISOString(group.createtime);
@ -444,7 +442,7 @@ var async = require('async'),
 							}
 						});

-						Groups.getGroupsAndMembers(memberOf, next);
+						Groups.getGroupsData(memberOf, next);
 					});
 				}, next);
 			}
--- a/src/groups/search.js
+++ b/src/groups/search.js
@ -31,7 +31,7 @@ module.exports = function(Groups) {
 						return !group.hidden;
 					});
 				}
-				groupsData.forEach(Groups.escapeGroupData);
+
 				Groups.sort(options.sort, groupsData, next);
 			}
 		], callback);
--- a/src/socket.io/admin/groups.js
+++ b/src/socket.io/admin/groups.js
@ -15,13 +15,6 @@ Groups.create = function(socket, data, callback) {
 	}, callback);
 };

-Groups.get = function(socket, groupName, callback) {
-	groups.get(groupName, {
-		escape: false,
-		uid: socket.uid
-	}, callback);
-};
-
 Groups.join = function(socket, data, callback) {
 	if (!data) {
 		return callback(new Error('[[error:invalid-data]]'));