Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-12 08:55:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: only allow numbers as scores (#7356)

Browse Source 
* zadd score checks

* fix: only allow numbers as scores

* fix: convert values to strings
This commit is contained in:
Barış Soner Uşaklı
2019-02-11 11:23:18 -05:00
committed by GitHub
parent 0fffcb3855
commit 5917dec288
6 changed files with 76 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/database/redis/sorted/add.js
View File

@@ -1,6 +1,8 @@
'use strict';
module.exports = function (redisClient, module) {
const utils = require('../../../utils');
module.sortedSetAdd = function (key, score, value, callback) {
callback = callback || function () {};
if (!key) {
@@ -9,7 +11,10 @@ module.exports = function (redisClient, module) {
if (Array.isArray(score) && Array.isArray(value)) {
return sortedSetAddMulti(key, score, value, callback);
}
redisClient.zadd(key, score, value, function (err) {
if (!utils.isNumber(score)) {
return setImmediate(callback, new Error('[[error:invalid-score, ' + score + ']]'));
}
redisClient.zadd(key, score, String(value), function (err) {
callback(err);
});
};
@@ -22,11 +27,15 @@ module.exports = function (redisClient, module) {
if (scores.length !== values.length) {
return callback(new Error('[[error:invalid-data]]'));
}
for (let i = 0; i < scores.length; i += 1) {
if (!utils.isNumber(scores[i])) {
return setImmediate(callback, new Error('[[error:invalid-score, ' + scores[i] + ']]'));
}
}
var args = [key];
for (var i = 0; i < scores.length; i += 1) {
args.push(scores[i], values[i]);
args.push(scores[i], String(values[i]));
}
redisClient.zadd(args, function (err) {
@@ -37,13 +46,16 @@ module.exports = function (redisClient, module) {
module.sortedSetsAdd = function (keys, score, value, callback) {
callback = callback || function () {};
if (!Array.isArray(keys) || !keys.length) {
return callback();
return setImmediate(callback);
}
if (!utils.isNumber(score)) {
return setImmediate(callback, new Error('[[error:invalid-score, ' + score + ']]'));
}
var batch = redisClient.batch();
for (var i = 0; i < keys.length; i += 1) {
if (keys[i]) {
batch.zadd(keys[i], score, value);
batch.zadd(keys[i], score, String(value));
}
}