Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #7913, dont allow urls in fullname/location, validate birthday

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2019-09-23 23:50:04 -04:00
parent bd026cb1ae
commit babb9d7c55
2 changed files with 51 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
public/language/en-GB/error.json
View File

@@ -14,6 +14,9 @@
"invalid-username": "Invalid Username",
"invalid-email": "Invalid Email",
"invalid-fullname": "Invalid Fullname",
"invalid-location": "Invalid Location",
"invalid-birthday": "Invalid Birthday",
"invalid-title": "Invalid title",
"invalid-user-data": "Invalid User Data",
"invalid-password": "Invalid Password",

57
src/user/profile.js
View File

@@ -2,6 +2,7 @@
'use strict';
const async = require('async');
const validator = require('validator');
const utils = require('../utils');
const meta = require('../meta');
@@ -11,10 +12,12 @@ const plugins = require('../plugins');
module.exports = function (User) {
User.updateProfile = async function (uid, data) {
var fields = ['username', 'email', 'fullname', 'website', 'location',
'groupTitle', 'birthday', 'signature', 'aboutme'];
let fields = [
'username', 'email', 'fullname', 'website', 'location',
'groupTitle', 'birthday', 'signature', 'aboutme',
];
var updateUid = data.uid;
const updateUid = data.uid;
const result = await plugins.fireHook('filter:user.updateProfile', { uid: uid, data: data, fields: fields });
fields = result.fields;
@@ -51,6 +54,9 @@ module.exports = function (User) {
await isWebsiteValid(callerUid, data);
await isAboutMeValid(callerUid, data);
await isSignatureValid(callerUid, data);
isFullnameValid(data);
isLocationValid(data);
isBirthdayValid(data);
isGroupTitleValid(data);
}
@@ -101,12 +107,6 @@ module.exports = function (User) {
}
}
function isGroupTitleValid(data) {
if (data.groupTitle === 'registered-users' || groups.isPrivilegeGroup(data.groupTitle)) {
throw new Error('[[error:invalid-group-title]]');
}
}
async function isWebsiteValid(callerUid, data) {
if (!data.website) {
return;
@@ -135,6 +135,45 @@ module.exports = function (User) {
await User.checkMinReputation(callerUid, data.uid, 'min:rep:signature');
}
function isFullnameValid(data) {
if (!data.fullname) {
return;
}
if (validator.isURL(data.fullname)) {
throw new Error('[[error:invalid-fullname]]');
}
}
function isLocationValid(data) {
if (!data.location) {
return;
}
if (validator.isURL(data.location)) {
throw new Error('[[error:invalid-location]]');
}
}
function isBirthdayValid(data) {
if (!data.birthday) {
return;
}
try {
const result = new Date(data.birthday);
if (result && result.toString() === 'Invalid Date') {
throw new Error('[[error:invalid-birthday]]');
}
} catch (err) {
throw new Error('[[error:invalid-birthday]]');
}
}
function isGroupTitleValid(data) {
if (data.groupTitle === 'registered-users' || groups.isPrivilegeGroup(data.groupTitle)) {
throw new Error('[[error:invalid-group-title]]');
}
}
User.checkMinReputation = async function (callerUid, uid, setting) {
const isSelf = parseInt(callerUid, 10) === parseInt(uid, 10);
if (!isSelf || meta.config['reputation:disabled']) {