Escape topic titles at the source, deduplicate

Peter Jaszkowiak
2017-04-15 01:38:42 -06:00
parent ecfca21abe
commit 0fe10f5e86
10 changed files with 59 additions and 25 deletions


@@ -5,14 +5,43 @@ var validator = require('validator');
var db = require('../database');
var categories = require('../categories');
var utils = require('../utils');
var translator = require('../translator');
function escapeTitle(topicData) {
if (!topicData) {
return;
}
if (topicData.title) {
topicData.title = translator.escape(validator.escape(topicData.title));
}
if (topicData.titleRaw) {
topicData.titleRaw = translator.escape(topicData.titleRaw);
}
}
module.exports = function (Topics) {
Topics.getTopicField = function (tid, field, callback) {
db.getObjectField('topic:' + tid, field, callback);
db.getObjectField('topic:' + tid, field, function (err, value) {
if (err) {
return callback(err);
}
if (field === 'title') {
value = translator.escape(validator.escape(value));
}
callback(null, value);
});
};
Topics.getTopicFields = function (tid, fields, callback) {
db.getObjectFields('topic:' + tid, fields, callback);
db.getObjectFields('topic:' + tid, fields, function (err, topic) {
if (err) {
return callback(err);
}
escapeTitle(topic);
callback(null, topic);
});
};
Topics.getTopicsFields = function (tids, fields, callback) {
@@ -22,7 +51,14 @@ module.exports = function (Topics) {
var keys = tids.map(function (tid) {
return 'topic:' + tid;
});
db.getObjectsFields(keys, fields, callback);
db.getObjectsFields(keys, fields, function (err, topics) {
if (err) {
return callback(err);
}
topics.forEach(escapeTitle);
callback(null, topics);
});
};
Topics.getTopicData = function (tid, callback) {
@@ -57,8 +93,10 @@ module.exports = function (Topics) {
if (!topic) {
return;
}
topic.titleRaw = topic.title;
topic.title = validator.escape(String(topic.title));
topic.title = String(topic.title);
escapeTitle(topic);
topic.timestampISO = utils.toISOString(topic.timestamp);
topic.lastposttimeISO = utils.toISOString(topic.lastposttime);
}
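Review bot: In the first hunk, `getTopicField` passes `value` straight to `validator.escape` whenever `field === 'title'`, with no check that it is a non-empty string; a missing topic or title would hand it `null`/`undefined`, and validator versions that assert string input would then throw inside the database callback. `escapeTitle` guards on truthiness but skips the `String()` coercion that the last hunk still applies before calling it, so `getTopicFields` and `getTopicsFields` share the non-string case. I would give the single-field path the same guard and coercion, e.g. `if (field === 'title' && value) { value = translator.escape(validator.escape(String(value))); }`, and use `validator.escape(String(topicData.title))` inside `escapeTitle`. A comment on `escapeTitle` such as `// titleRaw is translator-escaped only, NOT HTML-escaped; escape it before rendering as HTML` would also help, since the two fields now carry different trust levels. The function touched by the last hunk starts outside the visible lines.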