Merge pull request #5596 from NodeBB/translator-fix

Centrally escape translator tokens in every topic title
8 years ago · 98047be9ce
parent 0e615e7b09 e382bca610
commit 98047be9ce
11 changed files with 61 additions and 29 deletions
--- a/package.json
+++ b/package.json
@ -54,7 +54,7 @@
    "morgan": "^1.3.2",
    "mousetrap": "^1.5.3",
    "nconf": "~0.8.2",
-    "nodebb-plugin-composer-default": "4.4.4",
+    "nodebb-plugin-composer-default": "4.4.6",
    "nodebb-plugin-dbsearch": "1.0.5",
    "nodebb-plugin-emoji-extended": "1.1.1",
    "nodebb-plugin-emoji-one": "1.1.5",
--- a/public/src/modules/translator.js
+++ b/public/src/modules/translator.js
@ -50,6 +50,7 @@
 		/**
 		 * Construct a new Translator object
 		 * @param {string} language - Language code for this translator instance
+		 * @exports translator.Translator
 		 */
 		function Translator(language) {
 			var self = this;
@ -283,7 +284,7 @@
 				}

 				var argsToTranslate = args.map(function (arg) {
-					return string(arg).collapseWhitespace().decodeHTMLEntities().escapeHTML().s;
+					return string(arg).collapseWhitespace().decodeHTMLEntities().escapeHTML().s.replace(/&amp;/g, '&');
 				}).map(function (arg) {
 					return self.translate(arg);
 				});
@ -443,6 +444,9 @@
 		return Translator;
 	}());

+	/**
+	 * @exports translator
+	 */
 	var adaptor = {
 		/**
 		 * The Translator class
--- a/src/categories/recentreplies.js
+++ b/src/categories/recentreplies.js
@ -3,7 +3,6 @@

 var async = require('async');
 var winston = require('winston');
-var validator = require('validator');
 var _ = require('underscore');

 var db = require('../database');
@ -11,7 +10,6 @@ var posts = require('../posts');
 var topics = require('../topics');
 var privileges = require('../privileges');
 var batch = require('../batch');
-var translator = require('../translator');

 module.exports = function (Categories) {
 	Categories.getRecentReplies = function (cid, uid, count, callback) {
@ -136,7 +134,7 @@ module.exports = function (Categories) {
 						teaser.user.uid = undefined;
 						teaser.topic = {
 							slug: topicData[index].slug,
-							title: translator.escape(validator.escape(String(topicData[index].title))),
+							title: topicData[index].title,
 						};
 					}
 				});
--- a/src/controllers/category.js
+++ b/src/controllers/category.js
@ -161,9 +161,6 @@ categoryController.get = function (req, res, callback) {
 			return callback(err);
 		}

-		categoryData.topics.forEach(function (topic) {
-			topic.title = translator.escape(topic.title);
-		});
 		categoryData.description = translator.escape(categoryData.description);
 		categoryData.privileges = userPrivileges;
 		categoryData.showSelect = categoryData.privileges.editable;
--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
@ -14,7 +14,6 @@ var plugins = require('../plugins');
 var helpers = require('./helpers');
 var pagination = require('../pagination');
 var utils = require('../utils');
-var translator = require('../translator');

 var topicsController = {};

@ -130,14 +129,13 @@ topicsController.get = function (req, res, callback) {
 			plugins.fireHook('filter:controllers.topic.get', { topicData: topicData, uid: req.uid }, next);
 		},
 		function (data, next) {
-			data.topicData.title = translator.escape(data.topicData.title);
 			var breadcrumbs = [
 				{
 					text: data.topicData.category.name,
 					url: nconf.get('relative_path') + '/category/' + data.topicData.category.slug,
 				},
 				{
-					text: translator.escape(data.topicData.title),
+					text: data.topicData.title,
 				},
 			];

--- a/src/posts/summary.js
+++ b/src/posts/summary.js
@ -5,12 +5,11 @@ var async = require('async');
 var validator = require('validator');
 var S = require('string');

-var db = require('../database');
+var topics = require('../topics');
 var user = require('../user');
 var plugins = require('../plugins');
 var categories = require('../categories');
 var utils = require('../utils');
-var translator = require('../translator');

 module.exports = function (Posts) {
 	Posts.getPostSummaryByPids = function (pids, uid, options, callback) {
@ -39,8 +38,8 @@ module.exports = function (Posts) {
 					if (uids.indexOf(posts[i].uid) === -1) {
 						uids.push(posts[i].uid);
 					}
-					if (topicKeys.indexOf('topic:' + posts[i].tid) === -1) {
-						topicKeys.push('topic:' + posts[i].tid);
+					if (topicKeys.indexOf(posts[i].tid) === -1) {
+						topicKeys.push(posts[i].tid);
 					}
 				});
 				async.parallel({
@ -111,15 +110,15 @@ module.exports = function (Posts) {
 		}, callback);
 	}

-	function getTopicAndCategories(topicKeys, callback) {
-		db.getObjectsFields(topicKeys, ['uid', 'tid', 'title', 'cid', 'slug', 'deleted', 'postcount', 'mainPid'], function (err, topics) {
+	function getTopicAndCategories(tids, callback) {
+		topics.getTopicsFields(tids, ['uid', 'tid', 'title', 'cid', 'slug', 'deleted', 'postcount', 'mainPid'], function (err, topics) {
 			if (err) {
 				return callback(err);
 			}

 			var cids = topics.map(function (topic) {
 				if (topic) {
-					topic.title = translator.escape(validator.escape(String(topic.title)));
+					topic.title = String(topic.title);
 					topic.deleted = parseInt(topic.deleted, 10) === 1;
 				}
 				return topic && topic.cid;
--- a/src/socket.io/admin/rooms.js
+++ b/src/socket.io/admin/rooms.js
@ -5,7 +5,7 @@ var async = require('async');
 var os = require('os');
 var nconf = require('nconf');
 var winston = require('winston');
-var validator = require('validator');
+
 var topics = require('../../topics');
 var pubsub = require('../../pubsub');

@ -109,7 +109,7 @@ SocketRooms.getAll = function (socket, data, callback) {
 			topTenTopics.forEach(function (topic, index) {
 				totals.topics[topic.tid] = {
 					value: topic.count || 0,
-					title: validator.escape(String(titles[index].title)),
+					title: String(titles[index].title),
 				};
 			});
 			next(null, totals);
--- a/src/socket.io/posts/tools.js
+++ b/src/socket.io/posts/tools.js
@ -1,7 +1,6 @@
 'use strict';

 var async = require('async');
-var validator = require('validator');

 var posts = require('../../posts');
 var topics = require('../../topics');
@ -169,7 +168,7 @@ module.exports = function (SocketPosts) {
 					uid: socket.uid,
 					pid: data.pid,
 					ip: socket.ip,
-					title: validator.escape(String(title)),
+					title: String(title),
 				}, next);
 			},
 		], callback);
--- a/src/socket.io/topics/tools.js
+++ b/src/socket.io/topics/tools.js
@ -1,7 +1,6 @@
 'use strict';

 var async = require('async');
-var validator = require('validator');

 var topics = require('../../topics');
 var events = require('../../events');
@ -114,7 +113,7 @@ module.exports = function (SocketTopics) {
 					uid: socket.uid,
 					ip: socket.ip,
 					tid: tid,
-					title: validator.escape(String(title)),
+					title: String(title),
 				}, next);
 			},
 		], callback);
--- a/src/topics/create.js
+++ b/src/topics/create.js
@ -323,7 +323,7 @@ module.exports = function (Topics) {
 				postData.display_move_tools = true;
 				postData.selfPost = false;
 				postData.timestampISO = utils.toISOString(postData.timestamp);
-				postData.topic.title = validator.escape(String(postData.topic.title));
+				postData.topic.title = String(postData.topic.title);

 				next(null, postData);
 			},
--- a/src/topics/data.js
+++ b/src/topics/data.js
@ -5,14 +5,43 @@ var validator = require('validator');
 var db = require('../database');
 var categories = require('../categories');
 var utils = require('../utils');
+var translator = require('../translator');
+
+function escapeTitle(topicData) {
+	if (!topicData) {
+		return;
+	}
+	if (topicData.title) {
+		topicData.title = translator.escape(validator.escape(topicData.title.toString()));
+	}
+	if (topicData.titleRaw) {
+		topicData.titleRaw = translator.escape(topicData.titleRaw);
+	}
+}

 module.exports = function (Topics) {
 	Topics.getTopicField = function (tid, field, callback) {
-		db.getObjectField('topic:' + tid, field, callback);
+		db.getObjectField('topic:' + tid, field, function (err, value) {
+			if (err) {
+				return callback(err);
+			}
+
+			if (field === 'title') {
+				value = translator.escape(validator.escape(String(value)));
+			}
+			callback(null, value);
+		});
 	};

 	Topics.getTopicFields = function (tid, fields, callback) {
-		db.getObjectFields('topic:' + tid, fields, callback);
+		db.getObjectFields('topic:' + tid, fields, function (err, topic) {
+			if (err) {
+				return callback(err);
+			}
+
+			escapeTitle(topic);
+			callback(null, topic);
+		});
 	};

 	Topics.getTopicsFields = function (tids, fields, callback) {
@ -22,7 +51,14 @@ module.exports = function (Topics) {
 		var keys = tids.map(function (tid) {
 			return 'topic:' + tid;
 		});
-		db.getObjectsFields(keys, fields, callback);
+		db.getObjectsFields(keys, fields, function (err, topics) {
+			if (err) {
+				return callback(err);
+			}
+
+			topics.forEach(escapeTitle);
+			callback(null, topics);
+		});
 	};

 	Topics.getTopicData = function (tid, callback) {
@ -57,8 +93,10 @@ module.exports = function (Topics) {
 		if (!topic) {
 			return;
 		}
+
 		topic.titleRaw = topic.title;
-		topic.title = validator.escape(String(topic.title));
+		topic.title = String(topic.title);
+		escapeTitle(topic);
 		topic.timestampISO = utils.toISOString(topic.timestamp);
 		topic.lastposttimeISO = utils.toISOString(topic.lastposttime);
 	}