Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-01 11:35:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

group escape fixes

Browse Source
This commit is contained in:
barisusakli
2015-09-17 00:21:50 -04:00
parent 2e1661a5e8
commit 8c2fdcc77c
6 changed files with 53 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
public/src/admin/manage/group.js
View File

@@ -86,25 +86,19 @@ define('admin/manage/group', [
groupMembersEl.on('click', 'li[data-uid]', function() { groupMembersEl.on('click', 'li[data-uid]', function() {
var uid = $(this).attr('data-uid'); var uid = $(this).attr('data-uid');
socket.emit('admin.groups.get', groupName, function(err, groupObj){ bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
if (err) { if (!confirm) {
return app.alertError(err.message); return;
} }
bootbox.confirm('Are you sure you want to remove this user?', function(confirm) { socket.emit('admin.groups.leave', {
if (!confirm) { groupName: groupName,
return; uid: uid
}, function(err, data) {
if (err) {
return app.alertError(err.message);
} }
groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
socket.emit('admin.groups.leave', {
groupName: groupName,
uid: uid
}, function(err, data) {
if (err) {
return app.alertError(err.message);
}
groupMembersEl.find('li[data-uid="' + uid + '"]').remove();
});
}); });
}); });
}); });

46
src/controllers/accounts.js
View File

@@ -249,22 +249,40 @@ accountsController.getTopics = function(req, res, next) {
}; };
accountsController.getGroups = function(req, res, next) { accountsController.getGroups = function(req, res, next) {
accountsController.getBaseUser(req.params.userslug, req.uid, function(err, userData) { var userData;
if (err || !userData) { var groupsData;
async.waterfall([
function (next) {
accountsController.getBaseUser(req.params.userslug, req.uid, next);
},
function (_userData, next) {
userData = _userData;
groups.getUserGroups([userData.uid], next);
},
function (_groupsData, next) {
groupsData = _groupsData[0];
var groupNames = groupsData.map(function(group) {
return group.name;
});
groups.getMemberUsers(groupNames, 0, 3, next);
},
function (members, next) {
groupsData.forEach(function(group, index) {
group.members = members[index];
});
next();
}
], function(err) {
if (err) {
return next(err); return next(err);
} }
groups.getUserGroups([userData.uid], function(err, groupsData) { userData.groups = groupsData;
if (err) { userData.title = '[[pages:account/groups, ' + userData.username + ']]';
return next(err); userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
} res.render('account/groups', userData);
userData.groups = groupsData[0];
userData.groups.forEach(groups.escapeGroupData);
userData.title = '[[pages:account/groups, ' + userData.username + ']]';
userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
res.render('account/groups', userData);
});
}); });
}; };
@@ -375,7 +393,7 @@ accountsController.accountEdit = function(req, res, callback) {
} }
userData['username:disableEdit'] = parseInt(meta.config['username:disableEdit'], 10) === 1; userData['username:disableEdit'] = parseInt(meta.config['username:disableEdit'], 10) === 1;
userData.hasPassword = !!password; userData.hasPassword = !!password;
userData.title = '[[pages:account/edit, ' + userData.username + ']]'; userData.title = '[[pages:account/edit, ' + userData.username + ']]';
userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]); userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]);

9
src/controllers/admin/groups.js
View File

@@ -34,7 +34,6 @@ groupsController.list = function(req, res, next) {
groups.getGroupsData(groupNames, next); groups.getGroupsData(groupNames, next);
}, },
function(groupData, next) { function(groupData, next) {
groupData.forEach(groups.escapeGroupData);
next(null, {groups: groupData, pagination: pagination.create(page, pageCount)}); next(null, {groups: groupData, pagination: pagination.create(page, pageCount)});
} }
], function(err, data) { ], function(err, data) {
@@ -43,10 +42,10 @@ groupsController.list = function(req, res, next) {
} }
res.render('admin/manage/groups', { res.render('admin/manage/groups', {
groups: data.groups, groups: data.groups,
pagination: data.pagination, pagination: data.pagination,
yourid: req.user.uid yourid: req.user.uid
}); });
}); });
}; };

14
src/groups.js
View File

@@ -88,7 +88,7 @@ var async = require('async'),
db.getSortedSetRevRange(set, start, stop, callback); db.getSortedSetRevRange(set, start, stop, callback);
}; };
Groups.getGroupsAndMembers = function(groupNames, callback) { Groups.getGroupsAndMembers = function(groupNames, callback) {
async.parallel({ async.parallel({
groups: function(next) { groups: function(next) {
Groups.getGroupsData(groupNames, next); Groups.getGroupsData(groupNames, next);
@@ -100,11 +100,12 @@ var async = require('async'),
if (err) { if (err) {
return callback(err); return callback(err);
} }
data.groups.forEach(function(group, index) { data.groups.forEach(function(group, index) {
if (!group) { if (!group) {
return; return;
} }
Groups.escapeGroupData(group);
group.members = data.members[index] || []; group.members = data.members[index] || [];
group.truncated = group.memberCount > data.members.length; group.truncated = group.memberCount > data.members.length;
}); });
@@ -118,7 +119,6 @@ var async = require('async'),
return callback(new Error('[[error:invalid-group]]')); return callback(new Error('[[error:invalid-group]]'));
} }
options.escape = options.hasOwnProperty('escape') ? options.escape : true;
var stop = -1; var stop = -1;
async.parallel({ async.parallel({
@@ -174,9 +174,7 @@ var async = require('async'),
return callback(err); return callback(err);
} }
if (options.escape) { Groups.escapeGroupData(results.base);
Groups.escapeGroupData(results.base);
}
results.base.descriptionParsed = descriptionParsed; results.base.descriptionParsed = descriptionParsed;
results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true; results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true;
@@ -401,7 +399,7 @@ var async = require('async'),
groupData.forEach(function(group) { groupData.forEach(function(group) {
if (group) { if (group) {
group.userTitle = validator.escape(group.userTitle) || validator.escape(group.name); Groups.escapeGroupData(group);
group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true; group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true;
group.labelColor = group.labelColor || '#000000'; group.labelColor = group.labelColor || '#000000';
group.createtimeISO = utils.toISOString(group.createtime); group.createtimeISO = utils.toISOString(group.createtime);
@@ -444,7 +442,7 @@ var async = require('async'),
} }
}); });
Groups.getGroupsAndMembers(memberOf, next); Groups.getGroupsData(memberOf, next);
}); });
}, next); }, next);
} }

2
src/groups/search.js
View File

@@ -31,7 +31,7 @@ module.exports = function(Groups) {
return !group.hidden; return !group.hidden;
}); });
} }
groupsData.forEach(Groups.escapeGroupData);
Groups.sort(options.sort, groupsData, next); Groups.sort(options.sort, groupsData, next);
} }
], callback); ], callback);

7
src/socket.io/admin/groups.js
View File

@@ -15,13 +15,6 @@ Groups.create = function(socket, data, callback) {
}, callback); }, callback);
}; };
Groups.get = function(socket, groupName, callback) {
groups.get(groupName, {
escape: false,
uid: socket.uid
}, callback);
};
Groups.join = function(socket, data, callback) { Groups.join = function(socket, data, callback) {
if (!data) { if (!data) {
return callback(new Error('[[error:invalid-data]]')); return callback(new Error('[[error:invalid-data]]'));