group escape fixes
@@ -86,11 +86,6 @@ define('admin/manage/group', [
|
||||
groupMembersEl.on('click', 'li[data-uid]', function() {
|
||||
var uid = $(this).attr('data-uid');
|
||||
|
||||
socket.emit('admin.groups.get', groupName, function(err, groupObj){
|
||||
if (err) {
|
||||
return app.alertError(err.message);
|
||||
}
|
||||
|
||||
bootbox.confirm('Are you sure you want to remove this user?', function(confirm) {
|
||||
if (!confirm) {
|
||||
return;
|
||||
@@ -107,7 +102,6 @@ define('admin/manage/group', [
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
$('#group-icon').on('click', function() {
|
||||
iconSelect.init(groupIcon);
|
||||
|
||||
@@ -249,23 +249,41 @@ accountsController.getTopics = function(req, res, next) {
|
||||
};
|
||||
|
||||
accountsController.getGroups = function(req, res, next) {
|
||||
accountsController.getBaseUser(req.params.userslug, req.uid, function(err, userData) {
|
||||
if (err || !userData) {
|
||||
return next(err);
|
||||
}
|
||||
var userData;
|
||||
var groupsData;
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
accountsController.getBaseUser(req.params.userslug, req.uid, next);
|
||||
},
|
||||
function (_userData, next) {
|
||||
userData = _userData;
|
||||
|
||||
groups.getUserGroups([userData.uid], function(err, groupsData) {
|
||||
groups.getUserGroups([userData.uid], next);
|
||||
},
|
||||
function (_groupsData, next) {
|
||||
groupsData = _groupsData[0];
|
||||
var groupNames = groupsData.map(function(group) {
|
||||
return group.name;
|
||||
});
|
||||
|
||||
groups.getMemberUsers(groupNames, 0, 3, next);
|
||||
},
|
||||
function (members, next) {
|
||||
groupsData.forEach(function(group, index) {
|
||||
group.members = members[index];
|
||||
});
|
||||
next();
|
||||
}
|
||||
], function(err) {
|
||||
if (err) {
|
||||
return next(err);
|
||||
}
|
||||
|
||||
userData.groups = groupsData[0];
|
||||
userData.groups.forEach(groups.escapeGroupData);
|
||||
userData.groups = groupsData;
|
||||
userData.title = '[[pages:account/groups, ' + userData.username + ']]';
|
||||
userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[global:header.groups]]'}]);
|
||||
res.render('account/groups', userData);
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
function getFromUserSet(tpl, set, crumb, method, type, req, res, next) {
|
||||
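Review bot: The rewritten `accountsController.getGroups` reads `userData.uid` in the second waterfall step without the `!userData` guard that the callback version had (`if (err || !userData) { return next(err); }`), so a lookup that yields no user would throw a TypeError instead of falling through to the next route handler. getBaseUser is not shown on this page, but the old guard suggests it can call back with a falsy value. The step callbacks are all named `next` and shadow the route's `next`, so the guard needs the outer handler: rename the step parameters (for example to `callback`) and add `if (!_userData) { return next(); }` before `userData = _userData;`. This section also drops its own `groups.escapeGroupData` call, so the template now depends on `groups.getUserGroups` returning already-escaped fields; a one-line comment above `userData.groups = groupsData;` saying so would help the next reader.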
|
||||
@@ -34,7 +34,6 @@ groupsController.list = function(req, res, next) {
|
||||
groups.getGroupsData(groupNames, next);
|
||||
},
|
||||
function(groupData, next) {
|
||||
groupData.forEach(groups.escapeGroupData);
|
||||
next(null, {groups: groupData, pagination: pagination.create(page, pageCount)});
|
||||
}
|
||||
], function(err, data) {
|
||||
|
||||
@@ -100,11 +100,12 @@ var async = require('async'),
|
||||
if (err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
data.groups.forEach(function(group, index) {
|
||||
if (!group) {
|
||||
return;
|
||||
}
|
||||
Groups.escapeGroupData(group);
|
||||
|
||||
group.members = data.members[index] || [];
|
||||
group.truncated = group.memberCount > data.members.length;
|
||||
});
|
||||
@@ -118,7 +119,6 @@ var async = require('async'),
|
||||
return callback(new Error('[[error:invalid-group]]'));
|
||||
}
|
||||
|
||||
options.escape = options.hasOwnProperty('escape') ? options.escape : true;
|
||||
var stop = -1;
|
||||
|
||||
async.parallel({
|
||||
@@ -174,9 +174,7 @@ var async = require('async'),
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
if (options.escape) {
|
||||
Groups.escapeGroupData(results.base);
|
||||
}
|
||||
|
||||
results.base.descriptionParsed = descriptionParsed;
|
||||
results.base.userTitleEnabled = results.base.userTitleEnabled ? !!parseInt(results.base.userTitleEnabled, 10) : true;
|
||||
@@ -401,7 +399,7 @@ var async = require('async'),
|
||||
|
||||
groupData.forEach(function(group) {
|
||||
if (group) {
|
||||
group.userTitle = validator.escape(group.userTitle) || validator.escape(group.name);
|
||||
Groups.escapeGroupData(group);
|
||||
group.userTitleEnabled = group.userTitleEnabled ? parseInt(group.userTitleEnabled, 10) === 1 : true;
|
||||
group.labelColor = group.labelColor || '#000000';
|
||||
group.createtimeISO = utils.toISOString(group.createtime);
|
||||
@@ -444,7 +442,7 @@ var async = require('async'),
|
||||
}
|
||||
});
|
||||
|
||||
Groups.getGroupsAndMembers(memberOf, next);
|
||||
Groups.getGroupsData(memberOf, next);
|
||||
});
|
||||
}, next);
|
||||
}
|
||||
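Review bot: In the `@@ -401,7 +399,7 @@` hunk the loop now depends on `Groups.escapeGroupData(group)` for all output encoding, while the line it appears to replace, `group.userTitle = validator.escape(group.userTitle) || validator.escape(group.name);`, also supplied a fallback title; escapeGroupData's body is not on this page, so it should be confirmed that it escapes both `name` and `userTitle` and keeps that fallback. With this loop as the single escaping point, the `Groups.escapeGroupData` calls still printed in the `-100,11` and `-174,9` hunks would encode the same object a second time if they remain on the new side and their input comes through this loop, which the page does not make clear. A comment above the call such as `// only place group fields are HTML-escaped; callers must not escape again` would document the contract. The enclosing function starts and ends outside the hunk.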
|
||||
@@ -31,7 +31,7 @@ module.exports = function(Groups) {
|
||||
return !group.hidden;
|
||||
});
|
||||
}
|
||||
groupsData.forEach(Groups.escapeGroupData);
|
||||
|
||||
Groups.sort(options.sort, groupsData, next);
|
||||
}
|
||||
], callback);
|
||||
|
||||
@@ -15,13 +15,6 @@ Groups.create = function(socket, data, callback) {
|
||||
}, callback);
|
||||
};
|
||||
|
||||
Groups.get = function(socket, groupName, callback) {
|
||||
groups.get(groupName, {
|
||||
escape: false,
|
||||
uid: socket.uid
|
||||
}, callback);
|
||||
};
|
||||
|
||||
Groups.join = function(socket, data, callback) {
|
||||
if (!data) {
|
||||
return callback(new Error('[[error:invalid-data]]'));
|
||||
|
||||