From 9613ea901895ee11f76f2b7d01ef2814ed3953fd Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Tue, 1 Oct 2013 11:54:00 -0400
Subject: [PATCH] reverted change where post title was sanitized on saving (which didn't seem to work), now sanitizing post title on output
---
 src/postTools.js | 4 ++--
 src/posts.js | 6 +++---
 src/topics.js | 15 ++++++++-------
 src/webserver.js | 5 +++--
 4 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/src/postTools.js b/src/postTools.js
index 8f41608391..9f989866cd 100644
--- a/src/postTools.js
+++ b/src/postTools.js
@@ -5,6 +5,7 @@ var RDB = require('./redis.js'),
 user = require('./user.js'),
 async = require('async'),
 nconf = require('nconf'),
+ validator = require('validator'),
 utils = require('../public/src/utils'),
 plugins = require('./plugins'),
@@ -92,10 +93,9 @@ var RDB = require('./redis.js'),
 ], function(err, results) {
 io.sockets.in('topic_' + results[0].tid).emit('event:post_edited', {
 pid: pid,
- title: title,
+ title: validator.sanitize(title).escape(),
 isMainPost: results[0].isMainPost,
 content: results[1]
-
 });
 });
 };
diff --git a/src/posts.js b/src/posts.js
index 957d2790b9..411610ee5e 100644
--- a/src/posts.js
+++ b/src/posts.js
@@ -264,9 +264,9 @@ var RDB = require('./redis.js'),
 var socketData = {
 posts: [postData]
 };
- io.sockets. in ('topic_' + tid).emit('event:new_post', socketData);
- io.sockets. in ('recent_posts').emit('event:new_post', socketData);
- io.sockets. in ('user/' + uid).emit('event:new_post', socketData);
+ io.sockets.in('topic_' + tid).emit('event:new_post', socketData);
+ io.sockets.in('recent_posts').emit('event:new_post', socketData);
+ io.sockets.in('user/' + uid).emit('event:new_post', socketData);
 });
 callback(null, 'Reply successful');
diff --git a/src/topics.js b/src/topics.js
index 54d303bdbf..30d9b5c9bf 100644
--- a/src/topics.js
+++ b/src/topics.js
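Review bot: In the `event:post_edited` payload the title is escaped inline at this one call site, so every other path that emits or renders a title has to repeat the same call now that the commit moves escaping from save time to output time. Routing this emit and `Topics.getTopicData` through a single shared escaping helper would keep the encoding in one place and make a missed path easier to spot. A comment above the changed line such as `// titles are stored raw; HTML-escape before sending to clients` would record the invariant. The enclosing function starts and ends outside the hunk, so whether `title` can be absent when a non-main post is edited, and how `validator.sanitize` treats that, should be confirmed.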
@@ -15,15 +15,17 @@ schema = require('./schema.js'),
 topicSearch = reds.createSearch('nodebbtopicsearch'),
 validator = require('validator');
-
 (function(Topics) {
 Topics.getTopicData = function(tid, callback) {
 RDB.hgetall('topic:' + tid, function(err, data) {
- if (err === null)
+ if (err === null) {
+ data.title = validator.sanitize(data.title).escape();
+
 callback(data);
- else
+ } else {
 console.log(err);
+ }
 });
 }
@@ -658,7 +660,6 @@ schema = require('./schema.js'),
 var slug = tid + '/' + utils.slugify(title);
 var timestamp = Date.now();
- title = validator.sanitize(title).escape();
 RDB.hmset('topic:' + tid, {
 'tid': tid,
 'uid': uid,
@@ -698,9 +699,9 @@ schema = require('./schema.js'),
 // Notify any users looking at the category that a new topic has arrived
 Topics.getTopicForCategoryView(tid, uid, function(topicData) {
- io.sockets. in ('category_' + category_id).emit('event:new_topic', topicData);
- io.sockets. in ('recent_posts').emit('event:new_topic', topicData);
- io.sockets. in ('user/' + uid).emit('event:new_post', {
+ io.sockets.in('category_' + category_id).emit('event:new_topic', topicData);
+ io.sockets.in('recent_posts').emit('event:new_topic', topicData);
+ io.sockets.in('user/' + uid).emit('event:new_post', {
 posts: postData
 });
 });
diff --git a/src/webserver.js b/src/webserver.js
index c19cee772c..a134a4ac58 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -309,7 +309,8 @@ var express = require('express'),
 },
 function (topicData, next) {
 var lastMod = 0,
- timestamp;
+ timestamp,
+ sanitize = validator.sanitize;
 for (var x = 0, numPosts = topicData.posts.length; x < numPosts; x++) {
 timestamp = parseInt(topicData.posts[x].timestamp, 10);
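Review bot: The added `data.title = validator.sanitize(data.title).escape();` in `Topics.getTopicData` dereferences `data` without a check, so a lookup for a missing topic may throw if the Redis client hands back null for an empty hash (client behaviour is not visible here); a guard such as `if (data && data.title) { data.title = validator.sanitize(data.title).escape(); }` avoids that. Escaping inside the getter also means every consumer receives HTML-encoded text, so a caller that writes the title back, derives a slug or search entry from it, or escapes again in a template would double-encode; a comment on the function stating that the returned title is already HTML-escaped would make that contract explicit. With the save-time sanitize removed in the `@@ -658,7 +660,6 @@` hunk, titles are stored raw, so any reader that bypasses `getTopicData` needs its own escaping, and whether `Topics.getTopicForCategoryView` (which feeds `event:new_topic` in the last hunk of this file) goes through it is not shown. Separately, the error branch still only logs and never invokes `callback`, which leaves the caller waiting.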
@@ -324,7 +325,7 @@ var express = require('express'),
 content: topicData.topic_name
 }, {
 name: "description",
- content: validator.sanitize(topicData.main_posts[0].content.substr(0, 255)).escape().replace('\n', '')
+ content: sanitize(topicData.main_posts[0].content.substr(0, 255)).escape().replace('\n', '')
 }, {
 property: 'og:title',
 content: topicData.topic_name + ' | ' + (meta.config.title || 'NodeBB')
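Review bot: Only the `description` meta value is escaped in this hunk, while the neighbouring `content: topicData.topic_name` and `og:title` entries are passed through as-is. Since this commit stops escaping titles at save time, those two values are safe only if `topic_name` was already escaped by the code that produced `topicData`, which is outside the hunk; if it was not, apply the same call there, e.g. `content: sanitize(topicData.topic_name).escape()`. On the changed line, `.replace('\n', '')` uses a string pattern and so removes only the first newline; `.replace(/\n/g, '')` strips all of them. The line also assumes `topicData.main_posts[0]` exists, and the enclosing function starts and ends outside the hunk, so that cannot be confirmed from here.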