hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: #7354

Browse Source
v1.18.x
Barış Soner Uşaklı 6 years ago
parent efd7d953de
commit c6ad8fae2a
7 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File

1
src/controllers/accounts/helpers.js
Unescape Escape View File

@ -189,7 +189,6 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) {
userData.websiteLink = !userData.website.startsWith('http') ? 'http://' + userData.website : userData.website; userData.websiteLink = !userData.website.startsWith('http') ? 'http://' + userData.website : userData.website;
userData.websiteName = userData.website.replace(validator.escape('http://'), '').replace(validator.escape('https://'), ''); userData.websiteName = userData.website.replace(validator.escape('http://'), '').replace(validator.escape('https://'), '');
userData.email = validator.escape(String(userData.email || ''));
userData.fullname = validator.escape(String(userData.fullname || '')); userData.fullname = validator.escape(String(userData.fullname || ''));
userData.location = validator.escape(String(userData.location || '')); userData.location = validator.escape(String(userData.location || ''));
userData.signature = validator.escape(String(userData.signature || '')); userData.signature = validator.escape(String(userData.signature || ''));

2
src/controllers/admin/users.js
Unescape Escape View File

@ -1,7 +1,6 @@
'use strict'; 'use strict';
var async = require('async'); var async = require('async');
var validator = require('validator');
var nconf = require('nconf'); var nconf = require('nconf');
var user = require('../../user'); var user = require('../../user');
@ -156,7 +155,6 @@ function getUsers(set, section, min, max, req, res, next) {
}, },
function (results) { function (results) {
results.users = results.users.filter(function (user) { results.users = results.users.filter(function (user) {
user.email = validator.escape(String(user.email || ''));
return user && parseInt(user.uid, 10); return user && parseInt(user.uid, 10);
}); });
var data = { var data = {

3
src/socket.io/admin/user.js
Unescape Escape View File

@ -1,7 +1,6 @@
'use strict'; 'use strict';
var async = require('async'); var async = require('async');
var validator = require('validator');
var winston = require('winston'); var winston = require('winston');
var db = require('../../database'); var db = require('../../database');
@ -210,7 +209,7 @@ User.search = function (socket, data, callback) {
function (userInfo, next) { function (userInfo, next) {
searchData.users.forEach(function (user, index) { searchData.users.forEach(function (user, index) {
if (user && userInfo[index]) { if (user && userInfo[index]) {
user.email = validator.escape(String(userInfo[index].email || '')); user.email = userInfo[index].email;
user.flags = userInfo[index].flags || 0; user.flags = userInfo[index].flags || 0;
user.lastonlineISO = userInfo[index].lastonlineISO; user.lastonlineISO = userInfo[index].lastonlineISO;
user.joindateISO = userInfo[index].joindateISO; user.joindateISO = userInfo[index].joindateISO;

4
src/user/approval.js
Unescape Escape View File

@ -180,9 +180,7 @@ module.exports = function (User) {
}, },
function (_data, next) { function (_data, next) {
data = _data; data = _data;
var keys = data.filter(Boolean).map(function (user) { var keys = data.filter(Boolean).map(user => 'registration:queue:name:' + user.value);
return 'registration:queue:name:' + user.value;
});
db.getObjects(keys, next); db.getObjects(keys, next);
}, },
function (users, next) { function (users, next) {

3
src/user/create.js
Unescape Escape View File

@ -1,7 +1,6 @@
'use strict'; 'use strict';
var async = require('async'); var async = require('async');
var validator = require('validator');
var zxcvbn = require('zxcvbn'); var zxcvbn = require('zxcvbn');
var db = require('../database'); var db = require('../database');
var utils = require('../utils'); var utils = require('../utils');
@ -15,7 +14,7 @@ module.exports = function (User) {
data.username = data.username.trim(); data.username = data.username.trim();
data.userslug = utils.slugify(data.username); data.userslug = utils.slugify(data.username);
if (data.email !== undefined) { if (data.email !== undefined) {
data.email = validator.escape(String(data.email).trim()); data.email = String(data.email).trim();
} }
var timestamp = data.timestamp || Date.now(); var timestamp = data.timestamp || Date.now();
var userData; var userData;

4
src/user/data.js
Unescape Escape View File

@ -159,6 +159,10 @@ module.exports = function (User) {
user.username = validator.escape(user.username ? user.username.toString() : ''); user.username = validator.escape(user.username ? user.username.toString() : '');
} }
if (user.hasOwnProperty('email')) {
user.email = validator.escape(user.email ? user.email.toString() : '');
}
if (!parseInt(user.uid, 10)) { if (!parseInt(user.uid, 10)) {
user.uid = 0; user.uid = 0;
user.username = (user.hasOwnProperty('oldUid') && parseInt(user.oldUid, 10)) ? '[[global:former_user]]' : '[[global:guest]]'; user.username = (user.hasOwnProperty('oldUid') && parseInt(user.oldUid, 10)) ? '[[global:former_user]]' : '[[global:guest]]';

11
test/user.js
Unescape Escape View File

@ -60,6 +60,17 @@ describe('User', function () {
}); });
}); });
it('should be created properly', function (done) {
User.create({ username: 'weirdemail', email: '<h1>test</h1>@gmail.com' }, function (err, uid) {
assert.ifError(err);
User.getUserData(uid, function (err, data) {
assert.ifError(err);
assert.equal(data.email, '&lt;h1&gt;test&lt;&#x2F;h1&gt;@gmail.com');
done();
});
});
});
it('should have a valid email, if using an email', function (done) { it('should have a valid email, if using an email', function (done) {
User.create({ username: userData.username, password: userData.password, email: 'fakeMail' }, function (err) { User.create({ username: userData.username, password: userData.password, email: 'fakeMail' }, function (err) {
assert(err); assert(err);

Write Preview
Loading…
Cancel
Save