From b9139ef2635875632b9e30c9421f372d255167b5 Mon Sep 17 00:00:00 2001 From: barisusakli Date: Thu, 12 Jun 2014 13:58:17 -0400 Subject: [PATCH] some escaping and fixed uploads in progress --- public/src/forum/topic.js | 2 +- public/src/modules/composer.js | 8 ++++---- public/src/modules/composer/uploads.js | 16 +++++++++------- public/src/modules/notifications.js | 2 +- public/src/modules/taskbar.js | 2 +- src/topics/create.js | 2 ++ 6 files changed, 18 insertions(+), 14 deletions(-) diff --git a/public/src/forum/topic.js b/public/src/forum/topic.js index 48bf5dbdfa..540550996f 100644 --- a/public/src/forum/topic.js +++ b/public/src/forum/topic.js @@ -341,7 +341,7 @@ define('forum/topic', ['forum/pagination', 'forum/infinitescroll', 'forum/topic/ findInsertionPoint(); - data.title = ajaxify.variables.get('topic_name'); + data.title = $('
').text(ajaxify.variables.get('topic_name')).html(); data.viewcount = ajaxify.variables.get('viewcount'); infinitescroll.parseAndTranslate('topic', 'posts', data, function(html) { diff --git a/public/src/modules/composer.js b/public/src/modules/composer.js index 1bc122cf0f..6c2c2a6eca 100644 --- a/public/src/modules/composer.js +++ b/public/src/modules/composer.js @@ -209,7 +209,7 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose bodyEl = postContainer.find('textarea'), draft = drafts.getDraft(postData.save_id); - postData.title = $('
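Review bot: The escaping on the new `data.title` line covers element-text context only: serialising a text node back through `.html()` encodes `&`, `<` and `>` but leaves `"` and `'` untouched, so the value is not safe if the `topic` template ever places `title` inside an attribute. That is worth confirming against the template, or documenting at the assignment with `// HTML-escaped for element text only; not attribute-safe`. The same `$('…').text(x).html()` idiom is introduced in composer.js (@@ -209), notifications.js and taskbar.js in this patch and carries the same caveat. The element literal passed to `$()` is not visible in this rendering of the patch, and the enclosing function starts outside the hunk.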
').html(postData.title).text(); + postData.title = $('
').text(postData.title).html(); updateTitle(postData, postContainer); @@ -408,9 +408,9 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose $('body').css({'margin-bottom': postContainer.css('height')}); if (env !== 'sm' && env !== 'xs') { - focusElements(post_uuid); + focusElements(post_uuid); } - + resizeTabContent(postContainer); } @@ -455,7 +455,7 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose var checkTitle = parseInt(postData.cid, 10) || parseInt(postData.pid, 10); - if (postData.uploadsInProgress && postData.uploadsInProgress.length) { + if (uploads.inProgress[post_uuid] && uploads.inProgress[post_uuid].length) { return composerAlert('[[error:still-uploading]]'); } else if (checkTitle && titleEl.val().length < parseInt(config.minimumTitleLength, 10)) { return composerAlert('[[error:title-too-short, ' + config.minimumTitleLength + ']]'); diff --git a/public/src/modules/composer/uploads.js b/public/src/modules/composer/uploads.js index b61d962d2f..142659a309 100644 --- a/public/src/modules/composer/uploads.js +++ b/public/src/modules/composer/uploads.js @@ -3,7 +3,9 @@ /* globals define, utils, config, app */ define('composer/uploads', function() { - var uploads = {}; + var uploads = { + inProgress: {} + }; uploads.initialize = function(post_uuid) { @@ -234,8 +236,8 @@ define('composer/uploads', function() { formData.append('_csrf', $('#csrf_token').val()); } - uploads[post_uuid] = uploads[post_uuid] || []; - uploads[post_uuid].push(1); + uploads.inProgress[post_uuid] = uploads.inProgress[post_uuid] || []; + uploads.inProgress[post_uuid].push(1); $(this).ajaxSubmit({ resetForm: true, @@ -264,7 +266,7 @@ define('composer/uploads', function() { complete: function() { uploadForm[0].reset(); - uploads[post_uuid].pop(); + uploads.inProgress[post_uuid].pop(); } }); 
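Review bot: The new `postData.title` line reverses the direction of the transformation — the removed line decoded entities (`.html(...).text()`), the added one encodes them — yet the value still flows into `updateTitle(postData, postContainer)` on the next line. If updateTitle writes the title into the composer's title input with `.val()`, the user will see literal `&lt;`/`&amp;` sequences rather than the characters they typed; updateTitle is not visible from this hunk, so that needs checking. If the intent is only to protect the HTML rendering path, escaping at the rendering site (or keeping a separate escaped copy) would avoid changing the data the composer edits. The enclosing function starts before the hunk.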
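Review bot: The new condition in the @@ -455 hunk reaches into another module's bookkeeping — `uploads.inProgress[post_uuid]` is an internal map of composer/uploads — and repeats the null-guard inline; a small accessor defined next to the `inProgress: {}` literal in uploads.js (@@ -3), such as `uploads.hasUploadsInProgress = function(post_uuid) { return !!(uploads.inProgress[post_uuid] && uploads.inProgress[post_uuid].length); };`, would let this line read `if (uploads.hasUploadsInProgress(post_uuid)) {` and keep the representation private. I also cannot see, anywhere in this patch, where `inProgress[post_uuid]` is deleted once a composer is discarded; if nowhere, the map keeps one (empty) array per uuid for the lifetime of the page. The enclosing function starts outside the hunk.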
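Review bot: The in-flight counter on the new lines of the @@ -234 hunk is modelled as an array of `1`s that is pushed here and popped in `complete` (@@ -264), with the same pattern repeated in the thumbnail path (@@ -293 and @@ -305); a plain integer would say what it means, e.g. `uploads.inProgress[post_uuid] = (uploads.inProgress[post_uuid] || 0) + 1;` here and `uploads.inProgress[post_uuid] -= 1;` in `complete`, with the composer.js check (@@ -455) comparing `> 0` instead of `.length`. Whichever representation stays, a one-line comment at the `inProgress: {}` literal (@@ -3) — `// post_uuid -> number of uploads still in flight for that composer` — would help the next reader. Both enclosing submit handlers start outside their hunks.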
@@ -293,8 +295,8 @@ define('composer/uploads', function() { spinner.removeClass('hide'); - uploads[post_uuid] = uploads[post_uuid] || []; - uploads[post_uuid].push(1); + uploads.inProgress[post_uuid] = uploads.inProgress[post_uuid] || []; + uploads.inProgress[post_uuid].push(1); $(this).ajaxSubmit({ formData: formData, @@ -305,7 +307,7 @@ define('composer/uploads', function() { postContainer.find('#topic-thumb-url').val((uploads[0] || {}).url || '').trigger('change'); }, complete: function() { - uploads[post_uuid].pop(); + uploads.inProgress[post_uuid].pop(); spinner.addClass('hide'); } }); diff --git a/public/src/modules/notifications.js b/public/src/modules/notifications.js index 8553f55280..5e4b5ef140 100644 --- a/public/src/modules/notifications.js +++ b/public/src/modules/notifications.js @@ -24,7 +24,7 @@ define('notifications', ['sounds'], function(sound) { } else { image = ''; } - + notification.text = $('
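Review bot: On the context line above the changed `pop()` in the @@ -305 hunk, `(uploads[0] || {}).url` reads a different `uploads` from the module-level object the new line dereferences — it looks like the success callback's response parameter shadows the module name (the parameter itself is outside the hunk). With both spellings now inside the same `ajaxSubmit` options object, `uploads[0]` in `success` and `uploads.inProgress[post_uuid]` in `complete` read as the same variable; renaming the callback parameter to e.g. `response` so that line becomes `(response[0] || {}).url`, or adding `// 'uploads' here is the server response, not the module`, would remove the ambiguity. The enclosing handler starts before the hunk.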
').text(notification.text).html(); return '
  • ' + image + '' + utils.relativeTime(notification.datetime, true) + '' + notification.text + '
  • '; } diff --git a/public/src/modules/taskbar.js b/public/src/modules/taskbar.js index ae71f3325a..d56d9ffd9e 100644 --- a/public/src/modules/taskbar.js +++ b/public/src/modules/taskbar.js @@ -60,7 +60,7 @@ define('taskbar', function() { var element = taskbar.tasklist.find('li[data-uuid="'+uuid+'"]'); if(element.length) return; - var title = $('
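Review bot: The added line escapes `notification.text` by writing the result back onto the notification object, so rendering the same object a second time (a list re-draw, for instance) escapes an already-escaped string and `&` ends up as `&amp;amp;`. Keeping the escaped value local avoids that: `var text = $('…').text(notification.text).html();` and then `text` in the returned markup instead of `notification.text`. Whether the renderer is ever invoked twice for one object is not visible from the hunk; the enclosing function starts outside it, and the markup on the return line is partly lost in this rendering.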
    ').html(options.title || 'NodeBB Task').text(); + var title = $('
    ').text(options.title || 'NodeBB Task').html(); var btnEl = $('
  • ') .html('' + diff --git a/src/topics/create.js b/src/topics/create.js index a6b3ef353a..3205938112 100644 --- a/src/topics/create.js +++ b/src/topics/create.js @@ -2,6 +2,7 @@ 'use strict'; var async = require('async'), + validator = require('validator'), db = require('../database'), utils = require('../../public/src/utils'), plugins = require('../plugins'), @@ -229,6 +230,7 @@ module.exports = function(Topics) { Topics.getTopicFields(tid, ['tid', 'title', 'slug'], next); }, function(topicData, next) { + topicData.title = validator.escape(topicData.title); postData.topic = topicData; next(); },
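Review bot: The new `validator.escape` line in the @@ -229 hunk escapes the stored title on the server for every consumer of `postData.topic`, while the topic.js hunk in this same patch escapes `topic_name` again on the client; if the two ever apply to the same value on one render path, `&` is displayed as `&amp;`. It is worth confirming which consumer `postData.topic.title` is meant for and documenting the reason on the line, e.g. `// escaped here because postData.topic leaves the server as-is`, since the hunk gives none. Separately, `validator` is added as a `require` (@@ -2) but the diffstat lists no package.json change, so the module must already be a declared dependency for this file to load. The enclosing waterfall step starts before the hunk.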