From 753f1576ceceaaaf03bcb5b2fc62593cf084fc62 Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Wed, 16 Aug 2017 16:47:52 -0400
Subject: [PATCH 01/13] processSortedSet
---
src/user/profile.js | 4 +++-
src/user/reset.js | 9 ++-------
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/user/profile.js b/src/user/profile.js
index 54ed58267b..dbdcbcba85 100644
--- a/src/user/profile.js
+++ b/src/user/profile.js
@@ -185,7 +185,9 @@ module.exports = function (User) {
function (next) {
db.sortedSetAdd('users:notvalidated', Date.now(), uid, next);
},
- async.apply(User.reset.cleanByUid, uid),
+ function (next) {
+ User.reset.cleanByUid(uid, next);
+ },
], function (err) {
next(err);
});
diff --git a/src/user/reset.js b/src/user/reset.js
index 618ba680bc..db52ed033e 100644
--- a/src/user/reset.js
+++ b/src/user/reset.js
@@ -171,17 +171,12 @@ UserReset.clean = function (callback) {
};
UserReset.cleanByUid = function (uid, callback) {
- if (typeof callback !== 'function') {
- callback = function () {};
- }
-
var toClean = [];
uid = parseInt(uid, 10);
async.waterfall([
- async.apply(db.getSortedSetRange.bind(db), 'reset:issueDate', 0, -1),
- function (tokens, next) {
- batch.processArray(tokens, function (tokens, next) {
+ function (next) {
+ batch.processSortedSet('reset:issueDate', function (tokens, next) {
db.getObjectFields('reset:uid', tokens, function (err, results) {
for (var code in results) {
if (results.hasOwnProperty(code) && parseInt(results[code], 10) === uid) {
From 4e98c4b39fb430da2e7175f1de3a6c44c6937956 Mon Sep 17 00:00:00 2001
From: "Misty (Bot)" <deploy@nodebb.org>
Date: Thu, 17 Aug 2017 09:23:28 +0000
Subject: [PATCH 02/13] Latest translations and fallbacks
---
public/language/zh-CN/admin/advanced/database.json | 4 ++--
public/language/zh-CN/admin/advanced/errors.json | 2 +-
public/language/zh-CN/admin/advanced/events.json | 2 +-
public/language/zh-CN/admin/appearance/skins.json | 2 +-
public/language/zh-CN/admin/development/logger.json | 2 +-
public/language/zh-CN/admin/general/dashboard.json | 2 +-
public/language/zh-CN/admin/manage/categories.json | 2 +-
public/language/zh-CN/admin/manage/registration.json | 2 +-
public/language/zh-CN/category.json | 4 ++--
9 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/public/language/zh-CN/admin/advanced/database.json b/public/language/zh-CN/admin/advanced/database.json
index 825469bb2d..f8487c7fcb 100644
--- a/public/language/zh-CN/admin/advanced/database.json
+++ b/public/language/zh-CN/admin/advanced/database.json
@@ -17,14 +17,14 @@
"mongo.file-size": "文件大小",
"mongo.resident-memory": "驻留内存",
"mongo.virtual-memory": "虚拟内存",
- "mongo.mapped-memory": "映射",
+ "mongo.mapped-memory": "已映射内存",
"mongo.raw-info": "MongoDB 原始信息",
"redis": "Redis",
"redis.version": "Redis 版本",
"redis.connected-clients": "已连接客户端",
"redis.connected-slaves": "已连接从",
- "redis.blocked-clients": "阻止的客户端",
+ "redis.blocked-clients": "受阻的客户端",
"redis.used-memory": "已使用内存",
"redis.memory-frag-ratio": "内存碎片比率",
"redis.total-connections-recieved": "已接收的连接总数",
diff --git a/public/language/zh-CN/admin/advanced/errors.json b/public/language/zh-CN/admin/advanced/errors.json
index 257f88661c..6fd8b532b6 100644
--- a/public/language/zh-CN/admin/advanced/errors.json
+++ b/public/language/zh-CN/admin/advanced/errors.json
@@ -4,7 +4,7 @@
"error.404": "404 页面不存在",
"error.503": "503 服务不可用",
"manage-error-log": "管理错误日志",
- "export-error-log": "提取错误日志(.csv)",
+ "export-error-log": "导出错误日志 (.csv)",
"clear-error-log": "清空错误日志",
"route": "路由",
"count": "计数",
diff --git a/public/language/zh-CN/admin/advanced/events.json b/public/language/zh-CN/admin/advanced/events.json
index 85d741ff27..b9f44389e7 100644
--- a/public/language/zh-CN/admin/advanced/events.json
+++ b/public/language/zh-CN/admin/advanced/events.json
@@ -1,6 +1,6 @@
{
"events": "事件",
- "no-events": "暂无事件。",
+ "no-events": "暂无事件",
"control-panel": "事件控制面板",
"delete-events": "清除事件"
}
\ No newline at end of file
diff --git a/public/language/zh-CN/admin/appearance/skins.json b/public/language/zh-CN/admin/appearance/skins.json
index 730c79c2f0..1a075fe9f9 100644
--- a/public/language/zh-CN/admin/appearance/skins.json
+++ b/public/language/zh-CN/admin/appearance/skins.json
@@ -5,5 +5,5 @@
"current-skin": "当前皮肤",
"skin-updated": "皮肤已更新",
"applied-success": "%1 皮肤已成功应用",
- "revert-success": "皮肤恢复到基础颜色"
+ "revert-success": "皮肤已恢复到基础颜色"
}
\ No newline at end of file
diff --git a/public/language/zh-CN/admin/development/logger.json b/public/language/zh-CN/admin/development/logger.json
index b7e6b36f17..769fd15b11 100644
--- a/public/language/zh-CN/admin/development/logger.json
+++ b/public/language/zh-CN/admin/development/logger.json
@@ -5,7 +5,7 @@
"enable-http": "启用 HTTP 日志",
"enable-socket": "启用 socket.io 事件日志",
"file-path": "日志文件路径",
- "file-path-placeholder": "如/path/to/log/file.log ::: 如想在终端中显示日志请留空此项",
+ "file-path-placeholder": "如 /path/to/log/file.log ::: 如想在终端中显示日志请留空此项",
"control-panel": "日志记录器控制面板",
"update-settings": "更新日志记录器设置"
diff --git a/public/language/zh-CN/admin/general/dashboard.json b/public/language/zh-CN/admin/general/dashboard.json
index f89eecfc59..f263627aa2 100644
--- a/public/language/zh-CN/admin/general/dashboard.json
+++ b/public/language/zh-CN/admin/general/dashboard.json
@@ -24,7 +24,7 @@
"keep-updated": "请确保您已及时更新 NodeBB 以获得最新的安全补丁与 Bug 修复。",
"up-to-date": "<p>正在使用 <strong>最新版本</strong> <i class=\"fa fa-check\"></i></p>",
"upgrade-available": "<p> 新版本 (v%1) 已经发布! 建议 <a href=\"https://docs.nodebb.org/configuring/upgrade/\">更新你的 NodeBB</a>。</p>",
- "prerelease-upgrade-available": "<p>正在使用NodeBB过期的实验版本。新的版本 (v%1) 已经发布。 请考虑<a href=\"https://docs.nodebb.org/configuring/upgrade/\">更新你的 NodeBB</a>。",
+ "prerelease-upgrade-available": "<p>正在使用过时的测试版 NodeBB。新的版本 (v%1) 已经发布。 请考虑<a href=\"https://docs.nodebb.org/configuring/upgrade/\">更新你的 NodeBB</a>。",
"prerelease-warning": "<p>正在使用<strong>测试版</strong> NodeBB。可能会出现意外的 Bug。<i class=\"fa fa-exclamation-triangle\"></i></p>",
"running-in-development": "<span>论坛正处于开发模式,这可能使其暴露于潜在的危险之中;请联系您的系统管理员。</span>",
diff --git a/public/language/zh-CN/admin/manage/categories.json b/public/language/zh-CN/admin/manage/categories.json
index babc97bb9f..63f94bdebe 100644
--- a/public/language/zh-CN/admin/manage/categories.json
+++ b/public/language/zh-CN/admin/manage/categories.json
@@ -60,7 +60,7 @@
"alert.copy-success": "设置已复制!",
"alert.set-parent-category": "设置父版块",
"alert.updated": "版块已更新",
- "alert.updated-success": "版块ID %1 成功更新。",
+ "alert.updated-success": "版块 ID %1 成功更新。",
"alert.upload-image": "上传版块图片",
"alert.find-user": "查找用户",
"alert.user-search": "在这里查找用户…",
diff --git a/public/language/zh-CN/admin/manage/registration.json b/public/language/zh-CN/admin/manage/registration.json
index aa46fcdb49..fa2e26c5be 100644
--- a/public/language/zh-CN/admin/manage/registration.json
+++ b/public/language/zh-CN/admin/manage/registration.json
@@ -11,7 +11,7 @@
"list.ip-spam": "频率:%1 显示: %2",
"invitations": "邀请",
- "invitations.description": "下面是一份完整的邀请请求列表。请使用Ctrl-F键以及电子邮件或者用户名以便搜索这个列表。<br><br>那些已经接受他们邀请的用户的用户名将显示在电子邮箱右边。",
+ "invitations.description": "下面列出了所有已发送的邀请。您可以使用 Ctrl+F 快捷键搜索列表中的邮箱地址或用户名。<br><br>如果用户接受了邀请,他的用户名将会被显示在邮箱右边。",
"invitations.inviter-username": "邀请人用户名",
"invitations.invitee-email": "受邀请的电子邮箱",
"invitations.invitee-username": "受邀请的用户名(如果已经注册)",
diff --git a/public/language/zh-CN/category.json b/public/language/zh-CN/category.json
index e9ce41a2e3..4c9902d3d8 100644
--- a/public/language/zh-CN/category.json
+++ b/public/language/zh-CN/category.json
@@ -2,7 +2,7 @@
"category": "版块",
"subcategories": "子版块",
"new_topic_button": "新主题",
- "guest-login-post": "登录后发表",
+ "guest-login-post": "登录以发表",
"no_topics": "<strong>此版块还没有任何内容。</strong><br />赶紧来发帖吧!",
"browsing": "正在浏览",
"no_replies": "尚无回复",
@@ -10,7 +10,7 @@
"share_this_category": "分享此版块",
"watch": "关注",
"ignore": "忽略",
- "watching": "正在关注",
+ "watching": "已关注",
"ignoring": "已忽略",
"watching.description": "显示未读主题",
"ignoring.description": "不显示未读主题",
From f14c2f44ffba5972e65fd8f37f40cfae6b238c4f Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 17 Aug 2017 11:53:01 -0400
Subject: [PATCH 03/13] up themes for rtl fixes
---
package.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index c12be8d8db..392a6986b2 100644
--- a/package.json
+++ b/package.json
@@ -65,9 +65,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.22",
+ "nodebb-theme-persona": "5.0.23",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.17",
+ "nodebb-theme-vanilla": "6.0.18",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
From 89b2d94b6151c4802b359cf38113184626d46828 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 17 Aug 2017 12:54:51 -0400
Subject: [PATCH 04/13] up themes again
---
package.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 392a6986b2..ecd8a34141 100644
--- a/package.json
+++ b/package.json
@@ -65,9 +65,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.23",
+ "nodebb-theme-persona": "5.0.24",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.18",
+ "nodebb-theme-vanilla": "6.0.19",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
From 4dae008e16a9389fd1c47cb87f962e846462adee Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 17 Aug 2017 13:17:24 -0400
Subject: [PATCH 05/13] up themes again :shipit:
---
package.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index ecd8a34141..0c85ba1c53 100644
--- a/package.json
+++ b/package.json
@@ -65,9 +65,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.24",
+ "nodebb-theme-persona": "5.0.25",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.19",
+ "nodebb-theme-vanilla": "6.0.20",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
From db13aac106df3b0d4d4078d8e4e13276d79a5bf0 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 17 Aug 2017 13:35:40 -0400
Subject: [PATCH 06/13] up themes, for the last time today.
---
package.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 0c85ba1c53..455e5b8957 100644
--- a/package.json
+++ b/package.json
@@ -65,9 +65,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.25",
+ "nodebb-theme-persona": "5.0.27",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.20",
+ "nodebb-theme-vanilla": "6.0.21",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
From dc9b21021ab08cba0478baa25e75017059ade05d Mon Sep 17 00:00:00 2001
From: Baris Usakli <barisusakli@gmail.com>
Date: Fri, 18 Aug 2017 11:23:15 -0400
Subject: [PATCH 07/13] escape moderation notes
---
src/controllers/accounts/info.js | 33 +++++++++++++++-----------------
src/user/info.js | 1 +
test/user.js | 5 +++--
3 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/src/controllers/accounts/info.js b/src/controllers/accounts/info.js
index 7f9edb2462..cb3b6f1abf 100644
--- a/src/controllers/accounts/info.js
+++ b/src/controllers/accounts/info.js
@@ -47,24 +47,21 @@ infoController.get = function (req, res, callback) {
},
}, next);
},
- ], function (err, data) {
- if (err) {
- return callback(err);
- }
+ function (data) {
+ userData.history = data.history;
+ userData.sessions = data.sessions;
+ userData.usernames = data.usernames;
+ userData.emails = data.emails;
- userData.history = data.history;
- userData.sessions = data.sessions;
- userData.usernames = data.usernames;
- userData.emails = data.emails;
-
- if (userData.isAdminOrGlobalModeratorOrModerator) {
- userData.moderationNotes = data.notes.notes;
- var pageCount = Math.ceil(data.notes.count / itemsPerPage);
- userData.pagination = pagination.create(page, pageCount, req.query);
- }
- userData.title = '[[pages:account/info]]';
- userData.breadcrumbs = helpers.buildBreadcrumbs([{ text: userData.username, url: '/user/' + userData.userslug }, { text: '[[user:account_info]]' }]);
+ if (userData.isAdminOrGlobalModeratorOrModerator) {
+ userData.moderationNotes = data.notes.notes;
+ var pageCount = Math.ceil(data.notes.count / itemsPerPage);
+ userData.pagination = pagination.create(page, pageCount, req.query);
+ }
+ userData.title = '[[pages:account/info]]';
+ userData.breadcrumbs = helpers.buildBreadcrumbs([{ text: userData.username, url: '/user/' + userData.userslug }, { text: '[[user:account_info]]' }]);
- res.render('account/info', userData);
- });
+ res.render('account/info', userData);
+ },
+ ], callback);
};
diff --git a/src/user/info.js b/src/user/info.js
index e8642989a1..5e91c6cf08 100644
--- a/src/user/info.js
+++ b/src/user/info.js
@@ -166,6 +166,7 @@ module.exports = function (User) {
var data = JSON.parse(note);
uids.push(data.uid);
data.timestampISO = utils.toISOString(data.timestamp);
+ data.note = validator.escape(String(data.note));
return data;
} catch (err) {
return next(err);
diff --git a/test/user.js b/test/user.js
index a5f92a1744..77144ea9c7 100644
--- a/test/user.js
+++ b/test/user.js
@@ -1236,15 +1236,16 @@ describe('User', function () {
setTimeout(next, 50);
},
function (next) {
- socketUser.setModerationNote({ uid: adminUid }, { uid: testUid, note: 'second moderation note' }, next);
+ socketUser.setModerationNote({ uid: adminUid }, { uid: testUid, note: '<svg/onload=alert(document.location);//' }, next);
},
function (next) {
User.getModerationNotes(testUid, 0, -1, next);
},
], function (err, notes) {
assert.ifError(err);
- assert.equal(notes[0].note, 'second moderation note');
+ assert.equal(notes[0].note, '<svg/onload=alert(document.location);//');
assert.equal(notes[0].uid, adminUid);
+ assert.equal(notes[1].note, 'this is a test user');
assert(notes[0].timestamp);
done();
});
From b4a4fd8679c2106f7ad1ffdb66532099d2a60fa2 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 18 Aug 2017 12:25:41 -0400
Subject: [PATCH 08/13] up composer for #5886
---
package.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 455e5b8957..6fa914da46 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
"morgan": "^1.3.2",
"mousetrap": "^1.5.3",
"nconf": "~0.8.2",
- "nodebb-plugin-composer-default": "5.0.5",
+ "nodebb-plugin-composer-default": "5.0.6",
"nodebb-plugin-dbsearch": "2.0.6",
"nodebb-plugin-emoji-extended": "1.1.1",
"nodebb-plugin-emoji-one": "1.2.1",
From 1159abf9ec8f33328d0bb61a99b6f61bcab74aa2 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 18 Aug 2017 15:05:49 -0400
Subject: [PATCH 09/13] fixes #5879
---
package.json | 1 +
src/meta/blacklist.js | 20 +++++++++++++++-----
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 6fa914da46..148c7c4ac2 100644
--- a/package.json
+++ b/package.json
@@ -41,6 +41,7 @@
"express-useragent": "1.0.7",
"html-to-text": "3.3.0",
"ip": "1.1.5",
+ "ip-range-check": "^0.0.2",
"jimp": "0.2.28",
"jquery": "^3.1.0",
"json-2-csv": "^2.0.22",
diff --git a/src/meta/blacklist.js b/src/meta/blacklist.js
index 1ef6cfe0a9..80f3ca1190 100644
--- a/src/meta/blacklist.js
+++ b/src/meta/blacklist.js
@@ -1,6 +1,7 @@
'use strict';
var ip = require('ip');
+var ipRangeCheck = require('ip-range-check');
var winston = require('winston');
var async = require('async');
@@ -27,6 +28,7 @@ Blacklist.load = function (callback) {
ipv4: rules.ipv4,
ipv6: rules.ipv6,
cidr: rules.cidr,
+ cidr6: rules.cidr6,
};
next();
},
@@ -53,11 +55,12 @@ Blacklist.get = function (callback) {
Blacklist.test = function (clientIp, callback) {
if (
- Blacklist._rules.ipv4.indexOf(clientIp) === -1 &&// not explicitly specified in ipv4 list
- Blacklist._rules.ipv6.indexOf(clientIp) === -1 &&// not explicitly specified in ipv6 list
+ Blacklist._rules.ipv4.indexOf(clientIp) === -1 && // not explicitly specified in ipv4 list
+ Blacklist._rules.ipv6.indexOf(clientIp) === -1 && // not explicitly specified in ipv6 list
!Blacklist._rules.cidr.some(function (subnet) {
return ip.cidrSubnet(subnet).contains(clientIp);
- }) // not in a blacklisted cidr range
+ }) && // not in a blacklisted IPv4 cidr range
+ !ipRangeCheck(clientIp, Blacklist._rules.cidr6) // not in a blacklisted IPv6 cidr range
) {
if (typeof callback === 'function') {
setImmediate(callback);
@@ -81,9 +84,11 @@ Blacklist.validate = function (rules, callback) {
var ipv4 = [];
var ipv6 = [];
var cidr = [];
+ var cidr6 = [];
var invalid = [];
- var isCidrSubnet = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/;
+ var isIPv4CidrSubnet = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/;
+ var isIPv6CidrSubnet = /^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/;
var inlineCommentMatch = /#.*$/;
var whitelist = ['127.0.0.1', '::1', '::ffff:0:127.0.0.1'];
@@ -109,7 +114,11 @@ Blacklist.validate = function (rules, callback) {
ipv6.push(rule);
return true;
}
- if (isCidrSubnet.test(rule)) {
+ if (isIPv4CidrSubnet.test(rule)) {
+ cidr.push(rule);
+ return true;
+ }
+ if (isIPv6CidrSubnet.test(rule)) {
cidr.push(rule);
return true;
}
@@ -123,6 +132,7 @@ Blacklist.validate = function (rules, callback) {
ipv4: ipv4,
ipv6: ipv6,
cidr: cidr,
+ cidr6: cidr6,
valid: rules,
invalid: invalid,
});
From c1d7b06ded71a6ddf8fb4ca7bbae5211db99cca7 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 18 Aug 2017 16:30:04 -0400
Subject: [PATCH 10/13] Fixes #5873
- Notifications.getMultiple now takes an optional uid parameter
- If a notification link in dropdown points to a topic and you're
in said topic, you will be scrolled to the post instead of
ajaxified to it.
---
public/src/modules/notifications.js | 15 +++++++++--
src/notifications.js | 39 ++++++++++++++++++++++++-----
src/user/notifications.js | 2 +-
3 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/public/src/modules/notifications.js b/public/src/modules/notifications.js
index 928884b69a..ea78918c1b 100644
--- a/public/src/modules/notifications.js
+++ b/public/src/modules/notifications.js
@@ -1,7 +1,7 @@
'use strict';
-define('notifications', ['sounds', 'translator', 'components'], function (sounds, translator, components) {
+define('notifications', ['sounds', 'translator', 'components', 'navigator'], function (sounds, translator, components, navigator) {
var Notifications = {};
var unreadNotifs = {};
@@ -20,7 +20,18 @@ define('notifications', ['sounds', 'translator', 'components'], function (sounds
Notifications.loadNotifications(notifList);
});
- notifList.on('click', '[data-nid]', function () {
+ notifList.on('click', '[data-nid]', function (e) {
+ // Scroll to index if already in topic (gh#5873)
+ var index = $(this).attr('data-index');
+ var tid = $(this).attr('data-tid');
+ if (index && ajaxify.data.template.topic && parseInt(ajaxify.data.tid, 10) === parseInt(tid, 10)) {
+ e.stopPropagation();
+ e.preventDefault();
+
+ navigator.scrollToIndex(index, true);
+ notifTrigger.dropdown('toggle');
+ }
+
var unread = $(this).hasClass('unread');
if (!unread) {
return;
diff --git a/src/notifications.js b/src/notifications.js
index 58ccf2e8fa..715f4cf264 100644
--- a/src/notifications.js
+++ b/src/notifications.js
@@ -13,6 +13,7 @@ var groups = require('./groups');
var meta = require('./meta');
var batch = require('./batch');
var plugins = require('./plugins');
+var posts = require('./posts');
var utils = require('./utils');
var Notifications = module.exports;
@@ -22,13 +23,19 @@ Notifications.startJobs = function () {
new cron('*/30 * * * *', Notifications.prune, null, true);
};
-Notifications.get = function (nid, callback) {
- Notifications.getMultiple([nid], function (err, notifications) {
+Notifications.get = function (nid, uid, callback) {
+ Notifications.getMultiple([nid], uid, function (err, notifications) {
callback(err, Array.isArray(notifications) && notifications.length ? notifications[0] : null);
});
};
-Notifications.getMultiple = function (nids, callback) {
+Notifications.getMultiple = function (nids, uid, callback) {
+ if (typeof uid === 'function' && !callback) {
+ // no uid passed in
+ callback = uid;
+ uid = undefined;
+ }
+
if (!Array.isArray(nids) || !nids.length) {
return setImmediate(callback, null, []);
}
@@ -37,8 +44,19 @@ Notifications.getMultiple = function (nids, callback) {
});
var notifications;
+ var userSettings;
async.waterfall([
+ function (next) {
+ if (!uid) {
+ return setImmediate(next);
+ }
+
+ User.getSettings(uid, function (err, settings) {
+ userSettings = settings;
+ next(err);
+ });
+ },
function (next) {
db.getObjects(keys, next);
},
@@ -51,7 +69,7 @@ Notifications.getMultiple = function (nids, callback) {
User.getUsersFields(userKeys, ['username', 'userslug', 'picture'], next);
},
function (usersData, next) {
- notifications.forEach(function (notification, index) {
+ async.eachOf(notifications, function (notification, index, next) {
if (notification) {
notification.datetimeISO = utils.toISOString(notification.datetime);
@@ -68,10 +86,19 @@ Notifications.getMultiple = function (nids, callback) {
} else if (notification.image === 'brand:logo' || !notification.image) {
notification.image = meta.config['brand:logo'] || nconf.get('relative_path') + '/logo.png';
}
+
+ if (notification.path.startsWith('/post/')) {
+ posts.getPidIndex(notification.pid, notification.tid, userSettings.topicPostSort, function (err, index) {
+ notification.index = index;
+ next(err);
+ });
+ } else {
+ next();
+ }
}
+ }, function (err) {
+ next(err, notifications);
});
-
- next(null, notifications);
},
], callback);
};
diff --git a/src/user/notifications.js b/src/user/notifications.js
index 4e2dcba7e8..cb3f208e0f 100644
--- a/src/user/notifications.js
+++ b/src/user/notifications.js
@@ -140,7 +140,7 @@ UserNotifications.getNotifications = function (nids, uid, callback) {
function (next) {
async.parallel({
notifications: function (next) {
- notifications.getMultiple(nids, next);
+ notifications.getMultiple(nids, uid, next);
},
hasRead: function (next) {
db.isSortedSetMembers('uid:' + uid + ':notifications:read', nids, next);
From 31ae8c7fd5eeb00a2fcc70214bae1c29d397816c Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 18 Aug 2017 16:32:07 -0400
Subject: [PATCH 11/13] up themes for #5873
---
package.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 148c7c4ac2..2a7575b3b5 100644
--- a/package.json
+++ b/package.json
@@ -66,9 +66,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.27",
+ "nodebb-theme-persona": "5.0.28",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.21",
+ "nodebb-theme-vanilla": "6.0.22",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
From 5dfb2fb83a12fc9185d8bacc72740196e3aec184 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
<baris@nodebb.org>
Date: Fri, 18 Aug 2017 19:00:48 -0400
Subject: [PATCH 12/13] up themes, fix notif test
---
package.json | 4 +--
public/src/modules/notifications.js | 31 ++++++++++++++---------
src/notifications.js | 38 ++++-------------------------
src/user/notifications.js | 2 +-
4 files changed, 28 insertions(+), 47 deletions(-)
diff --git a/package.json b/package.json
index 2a7575b3b5..56a606d617 100644
--- a/package.json
+++ b/package.json
@@ -66,9 +66,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.28",
+ "nodebb-theme-persona": "5.0.29",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.22",
+ "nodebb-theme-vanilla": "6.0.23",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
diff --git a/public/src/modules/notifications.js b/public/src/modules/notifications.js
index ea78918c1b..f99e1b8de4 100644
--- a/public/src/modules/notifications.js
+++ b/public/src/modules/notifications.js
@@ -20,23 +20,19 @@ define('notifications', ['sounds', 'translator', 'components', 'navigator'], fun
Notifications.loadNotifications(notifList);
});
- notifList.on('click', '[data-nid]', function (e) {
- // Scroll to index if already in topic (gh#5873)
- var index = $(this).attr('data-index');
- var tid = $(this).attr('data-tid');
- if (index && ajaxify.data.template.topic && parseInt(ajaxify.data.tid, 10) === parseInt(tid, 10)) {
- e.stopPropagation();
- e.preventDefault();
-
- navigator.scrollToIndex(index, true);
+ notifList.on('click', '[data-nid]', function (ev) {
+ var notifEl = $(this);
+ if (scrollToPostIndexIfOnPage(notifEl)) {
+ ev.stopPropagation();
+ ev.preventDefault();
notifTrigger.dropdown('toggle');
}
- var unread = $(this).hasClass('unread');
+ var unread = notifEl.hasClass('unread');
if (!unread) {
return;
}
- var nid = $(this).attr('data-nid');
+ var nid = notifEl.attr('data-nid');
socket.emit('notifications.markRead', nid, function (err) {
if (err) {
return app.alertError(err.message);
@@ -118,6 +114,19 @@ define('notifications', ['sounds', 'translator', 'components', 'navigator'], fun
});
};
+ function scrollToPostIndexIfOnPage(notifEl) {
+ // Scroll to index if already in topic (gh#5873)
+ var pid = notifEl.attr('data-pid');
+ var tid = notifEl.attr('data-tid');
+ var path = notifEl.attr('data-path');
+ var postEl = components.get('post', 'pid', pid);
+ if (path.startsWith(config.relative_path + '/post/') && pid && postEl.length && ajaxify.data.template.topic && parseInt(ajaxify.data.tid, 10) === parseInt(tid, 10)) {
+ navigator.scrollToIndex(postEl.attr('data-index'), true);
+ return true;
+ }
+ return false;
+ }
+
Notifications.loadNotifications = function (notifList) {
socket.emit('notifications.get', null, function (err, data) {
if (err) {
diff --git a/src/notifications.js b/src/notifications.js
index 715f4cf264..098efe5d9f 100644
--- a/src/notifications.js
+++ b/src/notifications.js
@@ -13,7 +13,6 @@ var groups = require('./groups');
var meta = require('./meta');
var batch = require('./batch');
var plugins = require('./plugins');
-var posts = require('./posts');
var utils = require('./utils');
var Notifications = module.exports;
@@ -23,19 +22,13 @@ Notifications.startJobs = function () {
new cron('*/30 * * * *', Notifications.prune, null, true);
};
-Notifications.get = function (nid, uid, callback) {
- Notifications.getMultiple([nid], uid, function (err, notifications) {
+Notifications.get = function (nid, callback) {
+ Notifications.getMultiple([nid], function (err, notifications) {
callback(err, Array.isArray(notifications) && notifications.length ? notifications[0] : null);
});
};
-Notifications.getMultiple = function (nids, uid, callback) {
- if (typeof uid === 'function' && !callback) {
- // no uid passed in
- callback = uid;
- uid = undefined;
- }
-
+Notifications.getMultiple = function (nids, callback) {
if (!Array.isArray(nids) || !nids.length) {
return setImmediate(callback, null, []);
}
@@ -44,19 +37,8 @@ Notifications.getMultiple = function (nids, uid, callback) {
});
var notifications;
- var userSettings;
async.waterfall([
- function (next) {
- if (!uid) {
- return setImmediate(next);
- }
-
- User.getSettings(uid, function (err, settings) {
- userSettings = settings;
- next(err);
- });
- },
function (next) {
db.getObjects(keys, next);
},
@@ -69,7 +51,7 @@ Notifications.getMultiple = function (nids, uid, callback) {
User.getUsersFields(userKeys, ['username', 'userslug', 'picture'], next);
},
function (usersData, next) {
- async.eachOf(notifications, function (notification, index, next) {
+ notifications.forEach(function (notification, index) {
if (notification) {
notification.datetimeISO = utils.toISOString(notification.datetime);
@@ -86,19 +68,9 @@ Notifications.getMultiple = function (nids, uid, callback) {
} else if (notification.image === 'brand:logo' || !notification.image) {
notification.image = meta.config['brand:logo'] || nconf.get('relative_path') + '/logo.png';
}
-
- if (notification.path.startsWith('/post/')) {
- posts.getPidIndex(notification.pid, notification.tid, userSettings.topicPostSort, function (err, index) {
- notification.index = index;
- next(err);
- });
- } else {
- next();
- }
}
- }, function (err) {
- next(err, notifications);
});
+ next(null, notifications);
},
], callback);
};
diff --git a/src/user/notifications.js b/src/user/notifications.js
index cb3f208e0f..4e2dcba7e8 100644
--- a/src/user/notifications.js
+++ b/src/user/notifications.js
@@ -140,7 +140,7 @@ UserNotifications.getNotifications = function (nids, uid, callback) {
function (next) {
async.parallel({
notifications: function (next) {
- notifications.getMultiple(nids, uid, next);
+ notifications.getMultiple(nids, next);
},
hasRead: function (next) {
db.isSortedSetMembers('uid:' + uid + ':notifications:read', nids, next);
From 5344edc2a762480d8f39712baa52f626233a7295 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
<baris@nodebb.org>
Date: Fri, 18 Aug 2017 20:08:19 -0400
Subject: [PATCH 13/13] closes #5885
---
package.json | 4 ++--
src/controllers/accounts/helpers.js | 3 +--
src/privileges/posts.js | 17 +++++++++++++++++
src/socket.io/posts/tools.js | 4 ++++
4 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index 56a606d617..b2b7e352c0 100644
--- a/package.json
+++ b/package.json
@@ -66,9 +66,9 @@
"nodebb-plugin-spam-be-gone": "0.5.1",
"nodebb-rewards-essentials": "0.0.9",
"nodebb-theme-lavender": "4.0.5",
- "nodebb-theme-persona": "5.0.29",
+ "nodebb-theme-persona": "5.0.30",
"nodebb-theme-slick": "1.1.0",
- "nodebb-theme-vanilla": "6.0.23",
+ "nodebb-theme-vanilla": "6.0.24",
"nodebb-widget-essentials": "3.0.1",
"nodemailer": "2.6.4",
"nodemailer-sendmail-transport": "1.0.0",
diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js
index 5bd65a33af..e35ac514d9 100644
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@@ -182,9 +182,8 @@ function filterLinks(links, states) {
admin: true,
}, link.visibility);
- // Iterate through states and permit if every test passes (or is not defined)
var permit = Object.keys(states).some(function (state) {
- return states[state] === link.visibility[state];
+ return states[state] && link.visibility[state];
});
links[index].public = permit;
diff --git a/src/privileges/posts.js b/src/privileges/posts.js
index 89ef1e0f48..f2bfe38428 100644
--- a/src/privileges/posts.js
+++ b/src/privileges/posts.js
@@ -10,6 +10,7 @@ var topics = require('../topics');
var user = require('../user');
var helpers = require('./helpers');
var plugins = require('../plugins');
+var utils = require('../utils');
module.exports = function (privileges) {
privileges.posts = {};
@@ -190,6 +191,22 @@ module.exports = function (privileges) {
], callback);
};
+ privileges.posts.canFlag = function (pid, uid, callback) {
+ async.waterfall([
+ function (next) {
+ async.parallel({
+ userReputation: async.apply(user.getUserField, uid, 'reputation'),
+ isAdminOrMod: async.apply(isAdminOrMod, pid, uid),
+ }, next);
+ },
+ function (results, next) {
+ var minimumReputation = utils.isNumber(meta.config['privileges:flag']) ? parseInt(meta.config['privileges:flag'], 10) : 1;
+ var canFlag = results.isAdminOrMod || parseInt(results.userReputation, 10) >= minimumReputation;
+ next(null, { flag: canFlag });
+ },
+ ], callback);
+ };
+
privileges.posts.canMove = function (pid, uid, callback) {
async.waterfall([
function (next) {
diff --git a/src/socket.io/posts/tools.js b/src/socket.io/posts/tools.js
index c075a96a8e..7f80ce9805 100644
--- a/src/socket.io/posts/tools.js
+++ b/src/socket.io/posts/tools.js
@@ -31,6 +31,9 @@ module.exports = function (SocketPosts) {
canDelete: function (next) {
privileges.posts.canDelete(data.pid, socket.uid, next);
},
+ canFlag: function (next) {
+ privileges.posts.canFlag(data.pid, socket.uid, next);
+ },
bookmarked: function (next) {
posts.hasBookmarked(data.pid, socket.uid, next);
},
@@ -49,6 +52,7 @@ module.exports = function (SocketPosts) {
results.posts.selfPost = socket.uid && socket.uid === parseInt(results.posts.uid, 10);
results.posts.display_edit_tools = results.canEdit.flag;
results.posts.display_delete_tools = results.canDelete.flag;
+ results.posts.display_flag_tools = socket.uid && !results.posts.selfPost && results.canFlag.flag;
results.posts.display_moderator_tools = results.posts.display_edit_tools || results.posts.display_delete_tools;
results.posts.display_move_tools = results.isAdminOrMod;
next(null, results);