group escape fixes

10 years ago · 8c2fdcc77c
parent 2e1661a5e8
commit 8c2fdcc77c
6 changed files with 53 additions and 51 deletions
--- a/public/src/admin/manage/group.js
+++ b/public/src/admin/manage/group.js
@ -86,25 +86,19 @@ define('admin/manage/group', [
 		groupMembersEl.on('click', 'li[data-uid]', function() {
 			var uid = $(this).attr('data-uid');
-			socket.emit('admin.groups.get', groupName, function(err, groupObj){
+			bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
-				if (err) {
+				if (!confirm) {
-					return app.alertError(err.message);
+					return;
 				}
-				bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
+				socket.emit('admin.groups.leave', {
-					if (!confirm) {
+					groupName: groupName,
-						return;
+					uid: uid
 				}, function(err, data) {
 					if (err) {
 						return app.alertError(err.message);
 					}
-
+					groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
 					socket.emit('admin.groups.leave', {
 						groupName: groupName,
 						uid: uid
 					}, function(err, data) {
 						if (err) {
 							return app.alertError(err.message);
 						}
 						groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
 					});
 				});
 			});
 		});
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@ -249,22 +249,40 @@ accountsController.getTopics = function(req, res, next) {
 };
 accountsController.getGroups = function(req, res, next) {
-	accountsController.getBaseUser(req.params.userslug, req.uid, function(err, userData) {
+	var userData;
-		if (err || !userData) {
+	var groupsData;
 	async.waterfall([
 		function (next) {
 			accountsController.getBaseUser(req.params.userslug, req.uid, next);
 		},
 		function (_userData, next) {
 			userData = _userData;
 			groups.getUserGroups([userData.uid], next);
 		},
 		function (_groupsData, next) {
 			groupsData = _groupsData[0];
 			var groupNames = groupsData.map(function(group) {
 				return group.name;
 			});
 			groups.getMemberUsers(groupNames, 0, 3, next);
 		},
 		function (members, next) {
 			groupsData.forEach(function(group, index) {
 				group.members = members[index];
 			});
 			next();
 		}
 	], function(err) {
 		if (err) {
 			return next(err);
 		}
-		groups.getUserGroups([userData.uid], function(err, groupsData) {
+		userData.groups = groupsData;
-			if (err) {
+		userData.title = '[[pages:account/groups, ' + userData.username + ']]';
-				return next(err);
+		userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
-			}
+		res.render('account/groups', userData);
 			userData.groups = groupsData[0];
 			userData.groups.forEach(groups.escapeGroupData);
 			userData.title = '[[pages:account/groups, ' + userData.username + ']]';
 			userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
 			res.render('account/groups', userData);
 		});
 	});
 };
--- a/src/controllers/admin/groups.js
+++ b/src/controllers/admin/groups.js
@ -34,7 +34,6 @@ groupsController.list = function(req, res, next) {
 			groups.getGroupsData(groupNames, next);
 		},
 		function(groupData, next) {
 			groupData.forEach(groups.escapeGroupData);
 			next(null, {groups: groupData, pagination: pagination.create(page, pageCount)});
 		}
 	], function(err, data) {
@ -43,10 +42,10 @@ groupsController.list = function(req, res, next) {
 		}
 		res.render('admin/manage/groups', {
-	 		groups: data.groups,
+			groups: data.groups,
-	 		pagination: data.pagination,
+			pagination: data.pagination,
-	 		yourid: req.user.uid
+			yourid: req.user.uid
-	 	});
+		});
 	});
 };
--- a/src/groups.js
+++ b/src/groups.js
@ -100,11 +100,12 @@ var async = require('async'),
 			if (err) {
 				return callback(err);
 			}
 			data.groups.forEach(function(group, index) {
 				if (!group) {
 					return;
 				}
-				Groups.escapeGroupData(group);
+
 				group.members = data.members[index] || [];
 				group.truncated = group.memberCount > data.members.length;
 			});
@ -118,7 +119,6 @@ var async = require('async'),
 			return callback(new Error('[[error:invalid-group]]'));
 		}
 		options.escape = options.hasOwnProperty('escape') ? options.escape : true;
 		var stop = -1;
 		async.parallel({
@ -174,9 +174,7 @@ var async = require('async'),
 					return callback(err);
 				}
-				if (options.escape) {
+				Groups.escapeGroupData(results.base);
 					Groups.escapeGroupData(results.base);
 				}
 				results.base.descriptionParsed = descriptionParsed;
 				results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true;
@ -401,7 +399,7 @@ var async = require('async'),
 			groupData.forEach(function(group) {
 				if (group) {
-					group.userTitle = validator.escape(group.userTitle) || validator.escape(group.name);
+					Groups.escapeGroupData(group);
 					group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true;
 					group.labelColor = group.labelColor || '#000000';
 					group.createtimeISO = utils.toISOString(group.createtime);
@ -444,7 +442,7 @@ var async = require('async'),
 							}
 						});
-						Groups.getGroupsAndMembers(memberOf, next);
+						Groups.getGroupsData(memberOf, next);
 					});
 				}, next);
 			}
--- a/src/groups/search.js
+++ b/src/groups/search.js
@ -31,7 +31,7 @@ module.exports = function(Groups) {
 						return !group.hidden;
 					});
 				}
-				groupsData.forEach(Groups.escapeGroupData);
+
 				Groups.sort(options.sort, groupsData, next);
 			}
 		], callback);
--- a/src/socket.io/admin/groups.js
+++ b/src/socket.io/admin/groups.js
@ -15,13 +15,6 @@ Groups.create = function(socket, data, callback) {
 	}, callback);
 };
 Groups.get = function(socket, groupName, callback) {
 	groups.get(groupName, {
 		escape: false,
 		uid: socket.uid
 	}, callback);
 };
 Groups.join = function(socket, data, callback) {
 	if (!data) {
 		return callback(new Error('[[error:invalid-data]]'));