From c6ad8fae2a181c4f6e073661e9a55979537f5d05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Mon, 11 Feb 2019 14:29:25 -0500
Subject: [PATCH] fix: #7354
---
 src/controllers/accounts/helpers.js | 1 -
 src/controllers/admin/users.js | 2 --
 src/socket.io/admin/user.js | 3 +--
 src/user/approval.js | 4 +---
 src/user/create.js | 3 +--
 src/user/data.js | 4 ++++
 test/user.js | 11 +++++++++++
 7 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js
index a0ecfcfe1c..9e46fa3e63 100644
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@@ -189,7 +189,6 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
 userData.websiteLink = !userData.website.startsWith('http') ? 'http://' + userData.website : userData.website;
 userData.websiteName = userData.website.replace(validator.escape('http://'), '').replace(validator.escape('https://'), '');
- userData.email = validator.escape(String(userData.email || ''));
 userData.fullname = validator.escape(String(userData.fullname || ''));
 userData.location = validator.escape(String(userData.location || ''));
 userData.signature = validator.escape(String(userData.signature || ''));
diff --git a/src/controllers/admin/users.js b/src/controllers/admin/users.js
index c31de51453..743834e1d7 100644
--- a/src/controllers/admin/users.js
+++ b/src/controllers/admin/users.js
@@ -1,7 +1,6 @@
 'use strict';
 var async = require('async');
-var validator = require('validator');
 var nconf = require('nconf');
 var user = require('../../user');
@@ -156,7 +155,6 @@ function getUsers(set, section, min, max, req, res, next) {
 },
 function (results) {
 results.users = results.users.filter(function (user) {
- user.email = validator.escape(String(user.email || ''));
 return user && parseInt(user.uid, 10);
 });
 var data = {
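Review bot: Dropping `userData.email = validator.escape(...)` in `helpers.getUserDataByUserSlug` makes the profile page depend entirely on the new read-side escape in src/user/data.js, and nothing in this hunk shows that `userData` was loaded through that path. The same applies to the `filter` callback in src/controllers/admin/users.js and to `user.email = userInfo[index].email;` in `User.search` in src/socket.io/admin/user.js, where the value is copied onto the search result with no encoding at the point of use. If any of these objects is read straight from the database rather than through the user-data getters, an email containing markup would reach the template unescaped. I would add a comment at each site such as `// email is already HTML-escaped by user/data.js` and confirm it by tracing where `userInfo` and `results.users` come from; the enclosing functions start and end outside the hunks.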
diff --git a/src/socket.io/admin/user.js b/src/socket.io/admin/user.js
index 6bbf7d57ae..efd193ede0 100644
--- a/src/socket.io/admin/user.js
+++ b/src/socket.io/admin/user.js
@@ -1,7 +1,6 @@
 'use strict';
 var async = require('async');
-var validator = require('validator');
 var winston = require('winston');
 var db = require('../../database');
@@ -210,7 +209,7 @@ User.search = function (socket, data, callback) {
 function (userInfo, next) {
 searchData.users.forEach(function (user, index) {
 if (user && userInfo[index]) {
- user.email = validator.escape(String(userInfo[index].email || ''));
+ user.email = userInfo[index].email;
 user.flags = userInfo[index].flags || 0;
 user.lastonlineISO = userInfo[index].lastonlineISO;
 user.joindateISO = userInfo[index].joindateISO;
diff --git a/src/user/approval.js b/src/user/approval.js
index 90bb71b324..f0a5a77b98 100644
--- a/src/user/approval.js
+++ b/src/user/approval.js
@@ -180,9 +180,7 @@ module.exports = function (User) {
 },
 function (_data, next) {
 data = _data;
- var keys = data.filter(Boolean).map(function (user) {
- return 'registration:queue:name:' + user.value;
- });
+ var keys = data.filter(Boolean).map(user => 'registration:queue:name:' + user.value);
 db.getObjects(keys, next);
 },
 function (users, next) {
diff --git a/src/user/create.js b/src/user/create.js
index 9ab23a33dc..26395e2e4e 100644
--- a/src/user/create.js
+++ b/src/user/create.js
@@ -1,7 +1,6 @@
 'use strict';
 var async = require('async');
-var validator = require('validator');
 var zxcvbn = require('zxcvbn');
 var db = require('../database');
 var utils = require('../utils');
@@ -15,7 +14,7 @@ module.exports = function (User) {
 data.username = data.username.trim();
 data.userslug = utils.slugify(data.username);
 if (data.email !== undefined) {
- data.email = validator.escape(String(data.email).trim());
+ data.email = String(data.email).trim();
 }
 var timestamp = data.timestamp || Date.now();
 var userData;
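Review bot: With `data.email = String(data.email).trim();` in src/user/create.js new accounts store the address raw, but accounts created before this commit presumably still hold the value that `validator.escape` produced at write time, and the read-side escape added in src/user/data.js will encode those a second time (a stored `&amp;` would be rendered as `&amp;amp;`). The diffstat lists no upgrade script, so it looks like old and new records will coexist in two encodings. A one-time migration that unescapes stored emails would keep reads consistent. It is also worth checking any lookup keyed on the email string, since the stored form changes for addresses containing `&`, `<`, `>`, quotes or `/`. The body of the create function continues outside the hunk.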
diff --git a/src/user/data.js b/src/user/data.js
index 22fb8e8df7..c411aef9c1 100644
--- a/src/user/data.js
+++ b/src/user/data.js
@@ -159,6 +159,10 @@ module.exports = function (User) {
 user.username = validator.escape(user.username ? user.username.toString() : '');
 }
+ if (user.hasOwnProperty('email')) {
+ user.email = validator.escape(user.email ? user.email.toString() : '');
+ }
+
 if (!parseInt(user.uid, 10)) {
 user.uid = 0;
 user.username = (user.hasOwnProperty('oldUid') && parseInt(user.oldUid, 10)) ? '[[global:former_user]]' : '[[global:guest]]';
diff --git a/test/user.js b/test/user.js
index 2d5505a6a8..f2ff257951 100644
--- a/test/user.js
+++ b/test/user.js
@@ -60,6 +60,17 @@ describe('User', function () {
 });
 });
+ it('should be created properly', function (done) {
+ User.create({ username: 'weirdemail', email: '

test

@gmail.com' }, function (err, uid) {
+ assert.ifError(err);
+ User.getUserData(uid, function (err, data) {
+ assert.ifError(err);
+ assert.equal(data.email, '<h1>test</h1>@gmail.com');
+ done();
+ });
+ });
+ });
+
 it('should have a valid email, if using an email', function (done) {
 User.create({ username: userData.username, password: userData.password, email: 'fakeMail' }, function (err) {
 assert(err);
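Review bot: The new case reuses the generic title `should be created properly`, which hides that it is the regression test for HTML in the email field; something like `it('should escape html in email on read', ...)` would make a failure self-explanatory. It only exercises `User.getUserData`, so the admin search and admin user-list paths that lost their local `validator.escape` calls in this commit have no coverage for the same input. As rendered on this page the input and the expected string look identical, which is probably the page decoding the entities; the assertion should compare against the entity-encoded form that `validator.escape` returns.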