hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #2555

Browse Source
v1.18.x
barisusakli 10 years ago
parent 8eb58bf5fe
commit d1540322c9
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File

3
src/controllers/accounts.js
Unescape Escape View File

@ -7,6 +7,7 @@ var fs = require('fs'),
winston = require('winston'),
nconf = require('nconf'),
async = require('async'),
validator = require('validator'),
db = require('../database'),
user = require('../user'),
@ -95,7 +96,7 @@ function getUserDataByUserSlug(userslug, callerUID, callback) {
userData.profile_links = results.profile_links;
userData.status = websockets.isUserOnline(userData.uid) ? (userData.status || 'online') : 'offline';
userData.banned = parseInt(userData.banned, 10) === 1;
userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
userData.websiteName = userData.website.replace(validator.escape('http://'), '').replace(validator.escape('https://'), '');
userData.followingCount = results.followStats.followingCount;
userData.followerCount = results.followStats.followerCount;

4
src/user/profile.js
Unescape Escape View File

@ -116,8 +116,8 @@ module.exports = function(User) {
} else if (field === 'signature') {
data[field] = S(data[field]).stripTags().s;
} else if (field === 'website') {
if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') {
data[field] = 'http://' + data[field];
if (!data[field].startsWith(validator.escape('http://')) && !data[field].startsWith(validator.escape('https://'))) {
data[field] = validator.escape('http://') + data[field];
}
}

Write Preview
Loading…
Cancel
Save