Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 17:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape system message, don't allow editing system messages

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-01-19 22:20:43 -05:00
parent c8fb7f9246
commit 6a63c1a100
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/messaging/data.js
View File

@@ -1,5 +1,7 @@
'use strict'; 'use strict';
const validator = require('validator');
var db = require('../database'); var db = require('../database');
var user = require('../user'); var user = require('../user');
var utils = require('../utils'); var utils = require('../utils');
@@ -79,6 +81,7 @@ module.exports = function (Messaging) {
messages = await Promise.all(messages.map(async (message) => { messages = await Promise.all(messages.map(async (message) => {
if (message.system) { if (message.system) {
message.content = validator.escape(String(message.content));
return message; return message;
} }

6
src/messaging/edit.js
View File

@@ -57,10 +57,10 @@ module.exports = function (Messaging) {
const [isAdmin, messageData] = await Promise.all([ const [isAdmin, messageData] = await Promise.all([
user.isAdministrator(uid), user.isAdministrator(uid),
Messaging.getMessageFields(messageId, ['fromuid', 'timestamp']), Messaging.getMessageFields(messageId, ['fromuid', 'timestamp', 'system']),
]); ]);
if (isAdmin) { if (isAdmin && !messageData.system) {
return; return;
} }
var chatConfigDuration = meta.config[durationConfig]; var chatConfigDuration = meta.config[durationConfig];
@@ -68,7 +68,7 @@ module.exports = function (Messaging) {
throw new Error('[[error:chat-' + type + '-duration-expired, ' + meta.config[durationConfig] + ']]'); throw new Error('[[error:chat-' + type + '-duration-expired, ' + meta.config[durationConfig] + ']]');
} }
if (messageData.fromuid === parseInt(uid, 10)) { if (messageData.fromuid === parseInt(uid, 10) && !messageData.system) {
return; return;
} }

5
test/messaging.js
View File

@@ -119,7 +119,10 @@ describe('Messaging Library', function () {
assert.equal(messages.length, 1); assert.equal(messages.length, 1);
assert.strictEqual(messages[0].system, true); assert.strictEqual(messages[0].system, true);
assert.strictEqual(messages[0].content, 'user-join'); assert.strictEqual(messages[0].content, 'user-join');
done(); socketModules.chats.edit({ uid: fooUid }, { roomId: roomId, mid: messages[0].messageId, message: 'test' }, function (err) {
assert.equal(err.message, '[[error:cant-edit-chat-message]]');
done();
});
}); });
}); });