some escaping and fixed uploads in progress

v1.18.x
barisusakli 11 years ago
parent 3198275209
commit b9139ef263

@ -341,7 +341,7 @@ define('forum/topic', ['forum/pagination', 'forum/infinitescroll', 'forum/topic/
findInsertionPoint(); findInsertionPoint();
data.title = ajaxify.variables.get('topic_name'); data.title = $('<div></div>').text(ajaxify.variables.get('topic_name')).html();
data.viewcount = ajaxify.variables.get('viewcount'); data.viewcount = ajaxify.variables.get('viewcount');
infinitescroll.parseAndTranslate('topic', 'posts', data, function(html) { infinitescroll.parseAndTranslate('topic', 'posts', data, function(html) {
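Review bot: The `.text(...).html()` round-trip on the new `data.title` line escapes `&`, `<` and `>` but leaves `"` and `'` untouched, so the value is only safe where the `posts` template inserts it as text content, not inside an attribute such as `title="..."`. Where the template places `title` is outside this hunk, so this is a caveat rather than a confirmed defect; a short comment on the line, `// jQuery escapes &,<,> only — not attribute-safe`, would record the intent. The same pattern and caveat apply to the composer (`postData.title`) and taskbar (`var title`) hunks in this commit. The enclosing function starts and ends outside the hunk.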

@ -209,7 +209,7 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose
bodyEl = postContainer.find('textarea'), bodyEl = postContainer.find('textarea'),
draft = drafts.getDraft(postData.save_id); draft = drafts.getDraft(postData.save_id);
postData.title = $('<div></div>').html(postData.title).text(); postData.title = $('<div></div>').text(postData.title).html();
updateTitle(postData, postContainer); updateTitle(postData, postContainer);
@ -455,7 +455,7 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose
var checkTitle = parseInt(postData.cid, 10) || parseInt(postData.pid, 10); var checkTitle = parseInt(postData.cid, 10) || parseInt(postData.pid, 10);
if (postData.uploadsInProgress && postData.uploadsInProgress.length) { if (uploads.inProgress[post_uuid] && uploads.inProgress[post_uuid].length) {
return composerAlert('[[error:still-uploading]]'); return composerAlert('[[error:still-uploading]]');
} else if (checkTitle && titleEl.val().length < parseInt(config.minimumTitleLength, 10)) { } else if (checkTitle && titleEl.val().length < parseInt(config.minimumTitleLength, 10)) {
return composerAlert('[[error:title-too-short, ' + config.minimumTitleLength + ']]'); return composerAlert('[[error:title-too-short, ' + config.minimumTitleLength + ']]');
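Review bot: The new `postData.title` line in the first hunk reverses what the old one did: the old `.html(...).text()` decoded entities before the title reached `updateTitle`, the new `.text(...).html()` encodes them. If `updateTitle` copies the value into the title input with `.val()` (that function is outside the hunk), a title containing `&` will appear as `&amp;` in the field and be re-escaped on every edit; if it writes with `.html()` the change is correct. Worth confirming which it is and stating the chosen contract on the line, e.g. `// postData.title is kept HTML-escaped from here on`. The enclosing function starts and ends outside the hunk.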

@ -3,7 +3,9 @@
/* globals define, utils, config, app */ /* globals define, utils, config, app */
define('composer/uploads', function() { define('composer/uploads', function() {
var uploads = {}; var uploads = {
inProgress: {}
};
uploads.initialize = function(post_uuid) { uploads.initialize = function(post_uuid) {
@ -234,8 +236,8 @@ define('composer/uploads', function() {
formData.append('_csrf', $('#csrf_token').val()); formData.append('_csrf', $('#csrf_token').val());
} }
uploads[post_uuid] = uploads[post_uuid] || []; uploads.inProgress[post_uuid] = uploads.inProgress[post_uuid] || [];
uploads[post_uuid].push(1); uploads.inProgress[post_uuid].push(1);
$(this).ajaxSubmit({ $(this).ajaxSubmit({
resetForm: true, resetForm: true,
@ -264,7 +266,7 @@ define('composer/uploads', function() {
complete: function() { complete: function() {
uploadForm[0].reset(); uploadForm[0].reset();
uploads[post_uuid].pop(); uploads.inProgress[post_uuid].pop();
} }
}); });
@ -293,8 +295,8 @@ define('composer/uploads', function() {
spinner.removeClass('hide'); spinner.removeClass('hide');
uploads[post_uuid] = uploads[post_uuid] || []; uploads.inProgress[post_uuid] = uploads.inProgress[post_uuid] || [];
uploads[post_uuid].push(1); uploads.inProgress[post_uuid].push(1);
$(this).ajaxSubmit({ $(this).ajaxSubmit({
formData: formData, formData: formData,
@ -305,7 +307,7 @@ define('composer/uploads', function() {
postContainer.find('#topic-thumb-url').val((uploads[0] || {}).url || '').trigger('change'); postContainer.find('#topic-thumb-url').val((uploads[0] || {}).url || '').trigger('change');
}, },
complete: function() { complete: function() {
uploads[post_uuid].pop(); uploads.inProgress[post_uuid].pop();
spinner.addClass('hide'); spinner.addClass('hide');
} }
}); });
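Review bot: At the `#topic-thumb-url` line in the last hunk, `uploads[0]` now reads as indexing the module object that this commit turned into `{ inProgress: {} }`, so it only works if the enclosing success callback declares a parameter that shadows `uploads`; that signature is outside the hunk. Renaming that parameter (for example to `result`) and using `(result[0] || {}).url` would remove the ambiguity with the module-level `uploads.inProgress` reads a few lines above and below. As far as these hunks show, `inProgress[post_uuid]` arrays are created and pushed/popped but never removed, so one entry per composer instance persists for the page lifetime; a `delete uploads.inProgress[post_uuid]` once the array is empty in `complete`, or in a discard handler, would bound that. The callbacks belong to functions that start outside these hunks.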

@ -24,7 +24,7 @@ define('notifications', ['sounds'], function(sound) {
} else { } else {
image = ''; image = '';
} }
notification.text = $('<div/>').text(notification.text).html();
return '<li class="' + (notification.readClass || '') + '"><a href="' + (notification.path || '#') + '">' + image + '<span class="pull-right relTime">' + utils.relativeTime(notification.datetime, true) + '</span><span class="text">' + notification.text + '</span></a></li>'; return '<li class="' + (notification.readClass || '') + '"><a href="' + (notification.path || '#') + '">' + image + '<span class="pull-right relTime">' + utils.relativeTime(notification.datetime, true) + '</span><span class="text">' + notification.text + '</span></a></li>';
} }
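Review bot: The added line overwrites `notification.text` on the caller's object with its escaped form, so if this renderer runs twice on the same notification object (a list re-render, say) the text is escaped again and `&amp;` shows up as a literal `&amp;amp;`. Keeping the escaped value local avoids that: `var text = $('<div/>').text(notification.text).html();` and `'<span class="text">' + text + '</span>'` in the return. Separately, `notification.readClass` and `notification.path` are still concatenated into the `class` and `href` attributes unescaped, and the jQuery round-trip would not cover attribute context anyway since it leaves quotes alone; if either value can derive from user-controlled data it needs attribute escaping, or the anchor should be built with `$('<a>').attr('href', notification.path)`. The enclosing function starts outside the hunk.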

@ -60,7 +60,7 @@ define('taskbar', function() {
var element = taskbar.tasklist.find('li[data-uuid="'+uuid+'"]'); var element = taskbar.tasklist.find('li[data-uuid="'+uuid+'"]');
if(element.length) if(element.length)
return; return;
var title = $('<div></div>').html(options.title || 'NodeBB Task').text(); var title = $('<div></div>').text(options.title || 'NodeBB Task').html();
var btnEl = $('<li />') var btnEl = $('<li />')
.html('<a href="#">' + .html('<a href="#">' +

@ -2,6 +2,7 @@
'use strict'; 'use strict';
var async = require('async'), var async = require('async'),
validator = require('validator'),
db = require('../database'), db = require('../database'),
utils = require('../../public/src/utils'), utils = require('../../public/src/utils'),
plugins = require('../plugins'), plugins = require('../plugins'),
@ -229,6 +230,7 @@ module.exports = function(Topics) {
Topics.getTopicFields(tid, ['tid', 'title', 'slug'], next); Topics.getTopicFields(tid, ['tid', 'title', 'slug'], next);
}, },
function(topicData, next) { function(topicData, next) {
topicData.title = validator.escape(topicData.title);
postData.topic = topicData; postData.topic = topicData;
next(); next();
}, },
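Review bot: The added `validator.escape(topicData.title)` line escapes at the data layer, so `postData.topic.title` now carries HTML entities to every consumer of this result; any path that treats it as plain text (a notification body, an e-mail subject, a search index) will display `&amp;`, and any client that escapes again — as the `forum/topic` hunk in this same commit does for the topic name, if it receives this value — will double-escape. Escaping at output is easier to reason about; if the data-layer choice is intended, record it where the field is produced: `// title is HTML-escaped here; consumers must not escape again`. Whether `validator.escape` tolerates a record with no `title` depends on the validator version, which this hunk does not show, so a guard such as `if (topicData.title) { ... }` is worth considering. The `require` addition in the first hunk is fine.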
