Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 19:15:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

reverted change where post title was sanitized on saving (which didn't

Browse Source 
seem to work), now sanitizing post title on output
This commit is contained in:
Julian Lam
2013-10-01 11:54:00 -04:00
parent 3d4802ac68
commit 9613ea9018
4 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/postTools.js
View File

@@ -5,6 +5,7 @@ var RDB = require('./redis.js'),
user = require('./user.js'),
async = require('async'),
nconf = require('nconf'),
validator = require('validator'),
utils = require('../public/src/utils'),
plugins = require('./plugins'),
@@ -92,10 +93,9 @@ var RDB = require('./redis.js'),
], function(err, results) {
io.sockets.in('topic_' + results[0].tid).emit('event:post_edited', {
pid: pid,
title: title,
title: validator.sanitize(title).escape(),
isMainPost: results[0].isMainPost,
content: results[1]
});
});
};

9
src/topics.js
View File

@@ -15,15 +15,17 @@ schema = require('./schema.js'),
topicSearch = reds.createSearch('nodebbtopicsearch'),
validator = require('validator');
(function(Topics) {
Topics.getTopicData = function(tid, callback) {
RDB.hgetall('topic:' + tid, function(err, data) {
if (err === null)
if (err === null) {
data.title = validator.sanitize(data.title).escape();
callback(data);
else
} else {
console.log(err);
}
});
}
@@ -658,7 +660,6 @@ schema = require('./schema.js'),
var slug = tid + '/' + utils.slugify(title);
var timestamp = Date.now();
title = validator.sanitize(title).escape();
RDB.hmset('topic:' + tid, {
'tid': tid,
'uid': uid,

5
src/webserver.js
View File

@@ -309,7 +309,8 @@ var express = require('express'),
},
function (topicData, next) {
var lastMod = 0,
timestamp;
timestamp,
sanitize = validator.sanitize;
for (var x = 0, numPosts = topicData.posts.length; x < numPosts; x++) {
timestamp = parseInt(topicData.posts[x].timestamp, 10);
@@ -324,7 +325,7 @@ var express = require('express'),
content: topicData.topic_name
}, {
name: "description",
content: validator.sanitize(topicData.main_posts[0].content.substr(0, 255)).escape().replace('\n', '')
content: sanitize(topicData.main_posts[0].content.substr(0, 255)).escape().replace('\n', '')
}, {
property: 'og:title',
content: topicData.topic_name + ' | ' + (meta.config.title || 'NodeBB')