mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-11-07 14:35:47 +01:00
some escaping and fixed uploads in progress
This commit is contained in:
barisusakli
@@ -341,7 +341,7 @@ define('forum/topic', ['forum/pagination', 'forum/infinitescroll', 'forum/topic/
|
||||
|
||||
findInsertionPoint();
|
||||
|
||||
data.title = ajaxify.variables.get('topic_name');
|
||||
data.title = $('<div></div>').text(ajaxify.variables.get('topic_name')).html();
|
||||
data.viewcount = ajaxify.variables.get('viewcount');
|
||||
|
||||
infinitescroll.parseAndTranslate('topic', 'posts', data, function(html) {
|
||||
|
||||
@@ -209,7 +209,7 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose
|
||||
bodyEl = postContainer.find('textarea'),
|
||||
draft = drafts.getDraft(postData.save_id);
|
||||
|
||||
postData.title = $('<div></div>').html(postData.title).text();
|
||||
postData.title = $('<div></div>').text(postData.title).html();
|
||||
|
||||
updateTitle(postData, postContainer);
|
||||
|
||||
@@ -408,9 +408,9 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose
|
||||
$('body').css({'margin-bottom': postContainer.css('height')});
|
||||
|
||||
if (env !== 'sm' && env !== 'xs') {
|
||||
focusElements(post_uuid);
|
||||
focusElements(post_uuid);
|
||||
}
|
||||
|
||||
|
||||
resizeTabContent(postContainer);
|
||||
}
|
||||
|
||||
@@ -455,7 +455,7 @@ define('composer', ['taskbar', 'composer/controls', 'composer/uploads', 'compose
|
||||
|
||||
var checkTitle = parseInt(postData.cid, 10) || parseInt(postData.pid, 10);
|
||||
|
||||
if (postData.uploadsInProgress && postData.uploadsInProgress.length) {
|
||||
if (uploads.inProgress[post_uuid] && uploads.inProgress[post_uuid].length) {
|
||||
return composerAlert('[[error:still-uploading]]');
|
||||
} else if (checkTitle && titleEl.val().length < parseInt(config.minimumTitleLength, 10)) {
|
||||
return composerAlert('[[error:title-too-short, ' + config.minimumTitleLength + ']]');
|
||||
|
||||
@@ -3,7 +3,9 @@
|
||||
/* globals define, utils, config, app */
|
||||
|
||||
define('composer/uploads', function() {
|
||||
var uploads = {};
|
||||
var uploads = {
|
||||
inProgress: {}
|
||||
};
|
||||
|
||||
uploads.initialize = function(post_uuid) {
|
||||
|
||||
@@ -234,8 +236,8 @@ define('composer/uploads', function() {
|
||||
formData.append('_csrf', $('#csrf_token').val());
|
||||
}
|
||||
|
||||
uploads[post_uuid] = uploads[post_uuid] || [];
|
||||
uploads[post_uuid].push(1);
|
||||
uploads.inProgress[post_uuid] = uploads.inProgress[post_uuid] || [];
|
||||
uploads.inProgress[post_uuid].push(1);
|
||||
|
||||
$(this).ajaxSubmit({
|
||||
resetForm: true,
|
||||
@@ -264,7 +266,7 @@ define('composer/uploads', function() {
|
||||
|
||||
complete: function() {
|
||||
uploadForm[0].reset();
|
||||
uploads[post_uuid].pop();
|
||||
uploads.inProgress[post_uuid].pop();
|
||||
}
|
||||
});
|
||||
|
||||
@@ -293,8 +295,8 @@ define('composer/uploads', function() {
|
||||
|
||||
spinner.removeClass('hide');
|
||||
|
||||
uploads[post_uuid] = uploads[post_uuid] || [];
|
||||
uploads[post_uuid].push(1);
|
||||
uploads.inProgress[post_uuid] = uploads.inProgress[post_uuid] || [];
|
||||
uploads.inProgress[post_uuid].push(1);
|
||||
|
||||
$(this).ajaxSubmit({
|
||||
formData: formData,
|
||||
@@ -305,7 +307,7 @@ define('composer/uploads', function() {
|
||||
postContainer.find('#topic-thumb-url').val((uploads[0] || {}).url || '').trigger('change');
|
||||
},
|
||||
complete: function() {
|
||||
uploads[post_uuid].pop();
|
||||
uploads.inProgress[post_uuid].pop();
|
||||
spinner.addClass('hide');
|
||||
}
|
||||
});
|
||||
|
||||
@@ -24,7 +24,7 @@ define('notifications', ['sounds'], function(sound) {
|
||||
} else {
|
||||
image = '';
|
||||
}
|
||||
|
||||
notification.text = $('<div/>').text(notification.text).html();
|
||||
return '<li class="' + (notification.readClass || '') + '"><a href="' + (notification.path || '#') + '">' + image + '<span class="pull-right relTime">' + utils.relativeTime(notification.datetime, true) + '</span><span class="text">' + notification.text + '</span></a></li>';
|
||||
}
|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ define('taskbar', function() {
|
||||
var element = taskbar.tasklist.find('li[data-uuid="'+uuid+'"]');
|
||||
if(element.length)
|
||||
return;
|
||||
var title = $('<div></div>').html(options.title || 'NodeBB Task').text();
|
||||
var title = $('<div></div>').text(options.title || 'NodeBB Task').html();
|
||||
|
||||
var btnEl = $('<li />')
|
||||
.html('<a href="#">' +
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
'use strict';
|
||||
|
||||
var async = require('async'),
|
||||
validator = require('validator'),
|
||||
db = require('../database'),
|
||||
utils = require('../../public/src/utils'),
|
||||
plugins = require('../plugins'),
|
||||
@@ -229,6 +230,7 @@ module.exports = function(Topics) {
|
||||
Topics.getTopicFields(tid, ['tid', 'title', 'slug'], next);
|
||||
},
|
||||
function(topicData, next) {
|
||||
topicData.title = validator.escape(topicData.title);
|
||||
postData.topic = topicData;
|
||||
next();
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user