v1.18.x
Julian Lam 10 years ago
parent ffd22f50ff
commit da1c347fc2

@ -274,7 +274,7 @@ middleware.renderHeader = function(req, res, callback) {
templateValues.linkTags = results.tags.link; templateValues.linkTags = results.tags.link;
templateValues.isAdmin = results.user.isAdmin; templateValues.isAdmin = results.user.isAdmin;
templateValues.user = results.user; templateValues.user = results.user;
templateValues.userJSON = JSON.stringify(results.user).replace(/'/g, "\\'"); templateValues.userJSON = JSON.stringify(results.user);
templateValues.customCSS = results.customCSS; templateValues.customCSS = results.customCSS;
templateValues.customJS = results.customJS; templateValues.customJS = results.customJS;
templateValues.maintenanceHeader = parseInt(meta.config.maintenanceMode, 10) === 1 && !results.isAdmin; templateValues.maintenanceHeader = parseInt(meta.config.maintenanceMode, 10) === 1 && !results.isAdmin;
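Review bot: `templateValues.userJSON = JSON.stringify(results.user);` now passes raw JSON to the template, and JSON.stringify does not neutralise `'`, `<` or `</script>` inside string values. The line is therefore only safe if every user-controlled string in `results.user` is escaped upstream, and the companion change in this commit escapes only `username`. If the template still places `userJSON` inside a quoted script string or an inline script (the template is not shown here), any other string field would reach it unescaped. Consider encoding for the script context at this point, e.g. `JSON.stringify(results.user).replace(/</g, '\\u003c')`, and add a comment naming the context `userJSON` is rendered in. The body of middleware.renderHeader continues outside the hunk.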

@ -3,6 +3,7 @@
var async = require('async'), var async = require('async'),
nconf = require('nconf'), nconf = require('nconf'),
gravatar = require('gravatar'), gravatar = require('gravatar'),
validator = require('validator'),
plugins = require('./plugins'), plugins = require('./plugins'),
db = require('./database'), db = require('./database'),
@ -111,6 +112,8 @@ var async = require('async'),
return; return;
} }
user.username = validator.escape(user.username);
if (user.password) { if (user.password) {
user.password = undefined; user.password = undefined;
} }
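Review bot: `user.username = validator.escape(user.username);` runs unconditionally, yet the next lines guard `user.password` with an `if`, which suggests fields can be absent on this object. Depending on the validator version, a missing username would either be coerced to a string or raise. A guard such as `if (user.username) { user.username = validator.escape(user.username); }` leaves the field untouched when it is not present. Because the value is HTML-encoded at the data layer, a comment here should also state that callers receive an already-escaped username, so templates do not escape it twice and code that compares or looks up by username uses the raw value. The enclosing function starts and ends outside the hunk.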
