reverted change where post title was sanitized on saving (which didn't

seem to work), now sanitizing post title on output
v1.18.x
Julian Lam 12 years ago
parent 3d4802ac68
commit 9613ea9018

@ -5,6 +5,7 @@ var RDB = require('./redis.js'),
user = require('./user.js'), user = require('./user.js'),
async = require('async'), async = require('async'),
nconf = require('nconf'), nconf = require('nconf'),
validator = require('validator'),
utils = require('../public/src/utils'), utils = require('../public/src/utils'),
plugins = require('./plugins'), plugins = require('./plugins'),
@ -92,10 +93,9 @@ var RDB = require('./redis.js'),
], function(err, results) { ], function(err, results) {
io.sockets.in('topic_' + results[0].tid).emit('event:post_edited', { io.sockets.in('topic_' + results[0].tid).emit('event:post_edited', {
pid: pid, pid: pid,
title: title, title: validator.sanitize(title).escape(),
isMainPost: results[0].isMainPost, isMainPost: results[0].isMainPost,
content: results[1] content: results[1]
}); });
}); });
}; };
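Review bot: The escape on the `title` field of the `event:post_edited` payload is the only output-time encoding of the post title visible in this hunk, and `validator.sanitize(title).escape()` is HTML-entity escaping: correct for a client that writes the string into an HTML element, but a client that renders it through an auto-escaping template, or into an attribute or script context, would double-escape or be under-protected, and which of these the socket consumer does cannot be seen here. Because the commit moves encoding from save time to output time, the stored title is now raw and every other reader of it must encode for its own context; a comment at the emit such as `// title is stored unescaped; HTML-escape at each output boundary` would record that contract for the next reader. The enclosing edit handler and the origin of `title` are outside the hunk.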

@ -15,15 +15,17 @@ schema = require('./schema.js'),
topicSearch = reds.createSearch('nodebbtopicsearch'), topicSearch = reds.createSearch('nodebbtopicsearch'),
validator = require('validator'); validator = require('validator');
(function(Topics) { (function(Topics) {
Topics.getTopicData = function(tid, callback) { Topics.getTopicData = function(tid, callback) {
RDB.hgetall('topic:' + tid, function(err, data) { RDB.hgetall('topic:' + tid, function(err, data) {
if (err === null) if (err === null) {
data.title = validator.sanitize(data.title).escape();
callback(data); callback(data);
else } else {
console.log(err); console.log(err);
}
}); });
} }
@ -658,7 +660,6 @@ schema = require('./schema.js'),
var slug = tid + '/' + utils.slugify(title); var slug = tid + '/' + utils.slugify(title);
var timestamp = Date.now(); var timestamp = Date.now();
title = validator.sanitize(title).escape();
RDB.hmset('topic:' + tid, { RDB.hmset('topic:' + tid, {
'tid': tid, 'tid': tid,
'uid': uid, 'uid': uid,
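Review bot: In `Topics.getTopicData` the new line `data.title = validator.sanitize(data.title).escape();` runs whenever `err === null`, but `hgetall` on a missing `topic:<tid>` key yields a null reply in node_redis, so a request for a nonexistent topic now throws a TypeError instead of passing `null` to the callback as the old code did; guard it with `if (data) { data.title = validator.sanitize(data.title).escape(); }`. Escaping inside the data accessor also means every caller receives an HTML-escaped title, including any that render it outside an HTML element or through a template that escapes again, so a note such as `// title is returned HTML-escaped; callers must not escape it a second time` belongs on the function. With save-time escaping removed before `RDB.hmset` in the later hunk, any topics written while that code was active would now be escaped twice on read, unless that earlier path never actually encoded anything, as the commit message suggests. The surrounding `Topics` module and the function containing the `hmset` call extend beyond these hunks.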

@ -309,7 +309,8 @@ var express = require('express'),
}, },
function (topicData, next) { function (topicData, next) {
var lastMod = 0, var lastMod = 0,
timestamp; timestamp,
sanitize = validator.sanitize;
for (var x = 0, numPosts = topicData.posts.length; x < numPosts; x++) { for (var x = 0, numPosts = topicData.posts.length; x < numPosts; x++) {
timestamp = parseInt(topicData.posts[x].timestamp, 10); timestamp = parseInt(topicData.posts[x].timestamp, 10);
@ -324,7 +325,7 @@ var express = require('express'),
content: topicData.topic_name content: topicData.topic_name
}, { }, {
name: "description", name: "description",
content: validator.sanitize(topicData.main_posts[0].content.substr(0, 255)).escape().replace('\n', '') content: sanitize(topicData.main_posts[0].content.substr(0, 255)).escape().replace('\n', '')
}, { }, {
property: 'og:title', property: 'og:title',
content: topicData.topic_name + ' | ' + (meta.config.title || 'NodeBB') content: topicData.topic_name + ' | ' + (meta.config.title || 'NodeBB')
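Review bot: On the `description` meta line, `.replace('\n', '')` with a string pattern removes only the first newline, so a post body with several line breaks still leaves newlines in the meta `content` value after escaping; use `.replace(/\n/g, '')` (or `/\r?\n/g`) if the intent is to strip them all. The escaping in this hunk covers the description only: `topicData.topic_name` is emitted as the `title` and `og:title` content on the unchanged lines without any encoding, and whether it already arrives escaped from `getTopicData` cannot be seen here, so it is worth confirming or applying `sanitize(...).escape()` there too so all meta tags are encoded uniformly. Aliasing `sanitize = validator.sanitize` in the `var` list is safe only as long as `validator.sanitize` does not rely on `this`, which this diff does not show. The enclosing `function (topicData, next)` and the `for` loop continue outside the hunk.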
