From 8c2fdcc77c0c053da0d5f46de426cf515b54b6e4 Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Thu, 17 Sep 2015 00:21:50 -0400
Subject: [PATCH] group escape fixes

---
 public/src/admin/manage/group.js | 26 +++++++-----------
 src/controllers/accounts.js | 46 ++++++++++++++++++++++----------
 src/controllers/admin/groups.js | 9 +++----
 src/groups.js | 14 +++++-----
 src/groups/search.js | 2 +-
 src/socket.io/admin/groups.js | 7 -----
 6 files changed, 53 insertions(+), 51 deletions(-)

diff --git a/public/src/admin/manage/group.js b/public/src/admin/manage/group.js
index 32ea48fb11..37d2f64295 100644
--- a/public/src/admin/manage/group.js
+++ b/public/src/admin/manage/group.js
@@ -86,25 +86,19 @@ define('admin/manage/group', [
 groupMembersEl.on('click', 'li[data-uid]', function() {
 var uid = $(this).attr('data-uid');
- socket.emit('admin.groups.get', groupName, function(err, groupObj){
- if (err) {
- return app.alertError(err.message);
+ bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
+ if (!confirm) {
+ return;
 }
- bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
- if (!confirm) {
- return;
+ socket.emit('admin.groups.leave', {
+ groupName: groupName,
+ uid: uid
+ }, function(err, data) {
+ if (err) {
+ return app.alertError(err.message);
 }
-
- socket.emit('admin.groups.leave', {
- groupName: groupName,
- uid: uid
- }, function(err, data) {
- if (err) {
- return app.alertError(err.message);
- }
- groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
- });
+ groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
 });
 });
 });
diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js
index 8e2ee930c2..dc8f95f70c 100644
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
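Review bot: The re-added `groupMembersEl.find('li[data-uid="' + uid + '"]').remove()` builds a jQuery selector by string concatenation from an attribute value, although the click handler already holds the clicked element as `$(this)`; capturing it once before the confirm, `var memberEl = $(this);`, and calling `memberEl.remove();` in the leave callback avoids constructing a selector from data and removes exactly the element that was clicked. The `data` parameter of the `admin.groups.leave` callback is unused and can be dropped. The previous round-trip through `admin.groups.get` before the confirm is gone, which is fine since nothing in the new callback used `groupObj`; the server-side handling of `uid` and `groupName` for `admin.groups.leave` is outside this diff and is where those values have to be validated.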
@@ -249,22 +249,40 @@ accountsController.getTopics = function(req, res, next) {
 };
 accountsController.getGroups = function(req, res, next) {
- accountsController.getBaseUser(req.params.userslug, req.uid, function(err, userData) {
- if (err || !userData) {
+ var userData;
+ var groupsData;
+ async.waterfall([
+ function (next) {
+ accountsController.getBaseUser(req.params.userslug, req.uid, next);
+ },
+ function (_userData, next) {
+ userData = _userData;
+
+ groups.getUserGroups([userData.uid], next);
+ },
+ function (_groupsData, next) {
+ groupsData = _groupsData[0];
+ var groupNames = groupsData.map(function(group) {
+ return group.name;
+ });
+
+ groups.getMemberUsers(groupNames, 0, 3, next);
+ },
+ function (members, next) {
+ groupsData.forEach(function(group, index) {
+ group.members = members[index];
+ });
+ next();
+ }
+ ], function(err) {
+ if (err) {
 return next(err);
 }
- groups.getUserGroups([userData.uid], function(err, groupsData) {
- if (err) {
- return next(err);
- }
-
- userData.groups = groupsData[0];
- userData.groups.forEach(groups.escapeGroupData);
- userData.title = '[[pages:account/groups, ' + userData.username + ']]';
- userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
- res.render('account/groups', userData);
- });
+ userData.groups = groupsData;
+ userData.title = '[[pages:account/groups, ' + userData.username + ']]';
+ userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
+ res.render('account/groups', userData);
 });
 };
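Review bot: The rewritten getGroups drops the `!userData` check that the removed `if (err || !userData)` line had, so when getBaseUser yields no user for an unknown userslug the second waterfall step dereferences `userData.uid` on undefined and throws inside an async callback instead of falling through to the not-found handling the old code reached via `next()`. Because every waterfall step names its callback `next`, the Express `next` is shadowed there; renaming the step callback restores the old behaviour in three lines: `function (_userData, waterfallNext) {`, `if (!_userData) { return next(); }`, `userData = _userData;` (with `waterfallNext` passed to getUserGroups). The same shadowing makes the final `function(err) { if (err) { return next(err); } … }` read as if it used a step callback, which a short comment on the outer function (`// next here is the Express handler`) would make explicit. Removing the per-group `groups.escapeGroupData` call here is only safe if getUserGroups now escapes, which this commit appears to arrange in src/groups.js but which is not visible from this hunk.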
@@ -375,7 +393,7 @@ accountsController.accountEdit = function(req, res, callback) {
 }
 userData['username:disableEdit'] = parseInt(meta.config['username:disableEdit'], 10) === 1;
-
+ userData.hasPassword = !!password;
 userData.title = '[[pages:account/edit, ' + userData.username + ']]';
 userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]);
diff --git a/src/controllers/admin/groups.js b/src/controllers/admin/groups.js
index 38b59a45e2..259f93759d 100644
--- a/src/controllers/admin/groups.js
+++ b/src/controllers/admin/groups.js
@@ -34,7 +34,6 @@ groupsController.list = function(req, res, next) {
 groups.getGroupsData(groupNames, next);
 },
 function(groupData, next) {
- groupData.forEach(groups.escapeGroupData);
 next(null, {groups: groupData, pagination: pagination.create(page, pageCount)});
 }
 ], function(err, data) {
@@ -43,10 +42,10 @@ groupsController.list = function(req, res, next) {
 }
 res.render('admin/manage/groups', {
- groups: data.groups,
- pagination: data.pagination,
- yourid: req.user.uid
- });
+ groups: data.groups,
+ pagination: data.pagination,
+ yourid: req.user.uid
+ });
 });
 };
diff --git a/src/groups.js b/src/groups.js
index 5e5a19b984..646843bde3 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -88,7 +88,7 @@ var async = require('async'),
 db.getSortedSetRevRange(set, start, stop, callback);
 };
- Groups.getGroupsAndMembers = function(groupNames, callback) {
+ Groups.getGroupsAndMembers = function(groupNames, callback) {
 async.parallel({
 groups: function(next) {
 Groups.getGroupsData(groupNames, next);
@@ -100,11 +100,12 @@ var async = require('async'),
 if (err) {
 return callback(err);
 }
+
 data.groups.forEach(function(group, index) {
 if (!group) {
 return;
 }
- Groups.escapeGroupData(group);
+
 group.members = data.members[index] || [];
 group.truncated = group.memberCount > data.members.length;
 });
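Review bot: The `Groups.escapeGroupData(group)` call removed from getGroupsAndMembers at @@ -100 in src/groups.js, like the `groupData.forEach(groups.escapeGroupData)` removed from groupsController.list at @@ -34 in src/controllers/admin/groups.js, now relies on Groups.getGroupsData escaping each group itself, which this commit appears to add at @@ -401 in src/groups.js, but neither call site records that contract, so the next maintainer who sees unescaped-looking fields is likely to add a second escape pass and double-encode (`&amp;amp;`). A one-line comment in place of the removed line in getGroupsAndMembers, `// group fields are already escaped by Groups.getGroupsData; do not escape again here`, and the same note above the `next(null, {groups: groupData, …})` line in the admin controller would pin that down. The @@ -88 hunk changes only whitespace on the `Groups.getGroupsAndMembers = function(groupNames, callback) {` line and the @@ -43 hunk only re-indents the render arguments; both could be split from a fix commit. The accountEdit hunk at @@ -375 reads `password` from outside the hunk, so its origin cannot be checked here.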
@@ -118,7 +119,6 @@ var async = require('async'),
 return callback(new Error('[[error:invalid-group]]'));
 }
- options.escape = options.hasOwnProperty('escape') ? options.escape : true;
 var stop = -1;
 async.parallel({
@@ -174,9 +174,7 @@ var async = require('async'),
 return callback(err);
 }
- if (options.escape) {
- Groups.escapeGroupData(results.base);
- }
+ Groups.escapeGroupData(results.base);
 results.base.descriptionParsed = descriptionParsed;
 results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true;
@@ -401,7 +399,7 @@ var async = require('async'),
 groupData.forEach(function(group) {
 if (group) {
- group.userTitle = validator.escape(group.userTitle) || validator.escape(group.name);
+ Groups.escapeGroupData(group);
 group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true;
 group.labelColor = group.labelColor || '#000000';
 group.createtimeISO = utils.toISOString(group.createtime);
@@ -444,7 +442,7 @@ var async = require('async'),
 }
 });
- Groups.getGroupsAndMembers(memberOf, next);
+ Groups.getGroupsData(memberOf, next);
 });
 }, next);
 }
diff --git a/src/groups/search.js b/src/groups/search.js
index f7f0ba5a7e..89c9eba1d2 100644
--- a/src/groups/search.js
+++ b/src/groups/search.js
@@ -31,7 +31,7 @@ module.exports = function(Groups) {
 return !group.hidden;
 });
 }
- groupsData.forEach(Groups.escapeGroupData);
+
 Groups.sort(options.sort, groupsData, next);
 }
 ], callback);
diff --git a/src/socket.io/admin/groups.js b/src/socket.io/admin/groups.js
index 347a26d33a..0cd47a778f 100644
--- a/src/socket.io/admin/groups.js
+++ b/src/socket.io/admin/groups.js
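Review bot: The line replaced at @@ -401 in src/groups.js fell back to the escaped group name when `userTitle` was empty (`validator.escape(group.userTitle) || validator.escape(group.name)`); its replacement `Groups.escapeGroupData(group)` is not shown in this diff, so unless that helper applies the same fallback, groups with no user title now come back with an empty one. If it does not, keep the fallback after the call, `group.userTitle = group.userTitle || group.name;` (both fields presumably already escaped at that point). At @@ -444 the switch from getGroupsAndMembers to getGroupsData means the groups returned by that function no longer carry a `members` array; accounts.js getGroups compensates in this commit by calling getMemberUsers itself, but any other caller that read `group.members` is outside the diff and needs checking. Removing `options.escape` at @@ -118 means a caller still passing `escape: false` is silently ignored rather than rejected; the only such caller visible here is deleted in src/socket.io/admin/groups.js, so a short comment on Groups.get stating that data is always escaped would close the loop. The enclosing functions of all four hunks start outside them.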
@@ -15,13 +15,6 @@ Groups.create = function(socket, data, callback) {
 }, callback);
 };
-Groups.get = function(socket, groupName, callback) {
- groups.get(groupName, {
- escape: false,
- uid: socket.uid
- }, callback);
-};
-
 Groups.join = function(socket, data, callback) {
 if (!data) {
 return callback(new Error('[[error:invalid-data]]'));