Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 17:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

make sure validator.escape() receives strings only

Browse Source
This commit is contained in:
barisusakli
2016-08-27 15:45:15 +03:00
parent 431e7dd987
commit 07fe5057e1
20 changed files with 34 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/controllers/api.js
View File

@@ -22,8 +22,8 @@ apiController.getConfig = function(req, res, next) {
config.environment = process.env.NODE_ENV;
config.relative_path = nconf.get('relative_path');
config.version = nconf.get('version');
config.siteTitle = validator.escape(meta.config.title || meta.config.browserTitle || 'NodeBB');
config.browserTitle = validator.escape(meta.config.browserTitle || meta.config.title || 'NodeBB');
config.siteTitle = validator.escape(String(meta.config.title || meta.config.browserTitle || 'NodeBB'));
config.browserTitle = validator.escape(String(meta.config.browserTitle || meta.config.title || 'NodeBB'));
config.titleLayout = (meta.config.titleLayout || '{pageTitle} | {browserTitle}').replace(/{/g, '{').replace(/}/g, '}');
config.showSiteTitle = parseInt(meta.config.showSiteTitle, 10) === 1;
config.minimumTitleLength = meta.config.minimumTitleLength;
@@ -53,7 +53,7 @@ apiController.getConfig = function(req, res, next) {
config['theme:id'] = meta.config['theme:id'];
config['theme:src'] = meta.config['theme:src'];
config.defaultLang = meta.config.defaultLang || 'en_GB';
config.userLang = req.query.lang ? validator.escape(req.query.lang) : config.defaultLang;
config.userLang = req.query.lang ? validator.escape(String(req.query.lang)) : config.defaultLang;
config.loggedIn = !!req.user;
config['cache-buster'] = meta.config['cache-buster'] || '';
config.requireEmailConfirmation = parseInt(meta.config.requireEmailConfirmation, 10) === 1;
@@ -76,7 +76,7 @@ apiController.getConfig = function(req, res, next) {
config.topicsPerPage = settings.topicsPerPage;
config.postsPerPage = settings.postsPerPage;
config.notificationSounds = settings.notificationSounds;
config.userLang = (req.query.lang ? validator.escape(req.query.lang) : null) || settings.userLang || config.defaultLang;
config.userLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.userLang || config.defaultLang;
config.openOutgoingLinksInNewTab = settings.openOutgoingLinksInNewTab;
config.topicPostSort = settings.topicPostSort || config.topicPostSort;
config.categoryTopicSort = settings.categoryTopicSort || config.categoryTopicSort;