fix: encode most uses of pid to avoid more bugs like #12545

Opliko
2024-05-09 11:25:05 +02:00
parent 43dfb60f91
commit c973a9caba
7 changed files with 14 additions and 14 deletions


@@ -302,7 +302,7 @@ define('forum/topic', [
destroyed = false;
async function renderPost(pid) {
const postData = postCache[pid] || await api.get(`/posts/${pid}/summary`);
const postData = postCache[pid] || await api.get(`/posts/${encodeURIComponent(pid)}/summary`);
$('#post-tooltip').remove();
if (postData && ajaxify.data.template.topic) {
postCache[pid] = postData;
@@ -329,11 +329,11 @@ define('forum/topic', [
const pathname = location.pathname;
const validHref = href && href !== '#' && window.location.hostname === location.hostname;
$('#post-tooltip').remove();
const postMatch = validHref && pathname && pathname.match(/\/post\/([\d]+)/);
const topicMatch = validHref && pathname && pathname.match(/\/topic\/([\d]+)/);
const postMatch = validHref && pathname && pathname.match(/\/post\/([\d]+|(?:[\w_.~!$&'()*+,;=:@-]|%[\dA-F]{2})+)/);
const topicMatch = validHref && pathname && pathname.match(/\/topic\/([\da-z-]+)/);
if (postMatch) {
const pid = postMatch[1];
if (parseInt(link.parents('[component="post"]').attr('data-pid'), 10) === parseInt(pid, 10)) {
if (link.parents('[component="post"]').attr('data-pid') === pid) {
return; // dont render self post
}
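Review bot: In the second hunk, `const pid = postMatch[1]` is taken from `location.pathname`, so a non-numeric id is still percent-encoded, yet the new guard compares it with the raw `data-pid` attribute and `renderPost` now applies `encodeURIComponent(pid)` to it again. If this value is what reaches `renderPost` (the call is outside the hunk, as is the rest of the handler), an already-encoded id would be requested with `%25..` sequences and the self-post check would never match for such ids. Decoding once at the source, `const pid = decodeURIComponent(postMatch[1]);` inside a try/catch for malformed sequences, keeps one canonical form for the comparison, the `postCache` key and the API path. The escape class `%[\dA-F]{2}` also rejects lowercase hex, which links not produced by `encodeURIComponent` may carry; `%[\dA-Fa-f]{2}` would cover that.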


@@ -35,10 +35,10 @@ define('forum/topic/delete-posts', [
showPostsSelected();
deleteBtn.on('click', function () {
deletePosts(deleteBtn, pid => `/posts/${pid}/state`);
deletePosts(deleteBtn, pid => `/posts/${encodeURIComponent(pid)}/state`);
});
purgeBtn.on('click', function () {
deletePosts(purgeBtn, pid => `/posts/${pid}`);
deletePosts(purgeBtn, pid => `/posts/${encodeURIComponent(pid)}`);
});
});
};


@@ -9,7 +9,7 @@ define('forum/topic/diffs', ['api', 'bootbox', 'alerts', 'forum/topic/images'],
return;
}
api.get(`/posts/${pid}/diffs`, {}).then((data) => {
api.get(`/posts/${encodeURIComponent(pid)}/diffs`, {}).then((data) => {
parsePostHistory(data).then(($html) => {
const $modal = bootbox.dialog({
title: '[[topic:diffs.title]]',
@@ -57,7 +57,7 @@ define('forum/topic/diffs', ['api', 'bootbox', 'alerts', 'forum/topic/images'],
return;
}
api.get(`/posts/${pid}/diffs/${since}`, {}).then((data) => {
api.get(`/posts/${encodeURIComponent(pid)}/diffs/${since}`, {}).then((data) => {
data.deleted = !!parseInt(data.deleted, 10);
app.parseAndTranslate('partials/posts_list', 'posts', {
@@ -74,14 +74,14 @@ define('forum/topic/diffs', ['api', 'bootbox', 'alerts', 'forum/topic/images'],
return;
}
api.put(`/posts/${pid}/diffs/${since}`, {}).then(() => {
api.put(`/posts/${encodeURIComponent(pid)}/diffs/${since}`, {}).then(() => {
$modal.modal('hide');
alerts.success('[[topic:diffs.post-restored]]');
}).catch(alerts.error);
};
Diffs.delete = function (pid, timestamp, $selectEl, $numberOfDiffCon) {
api.del(`/posts/${pid}/diffs/${timestamp}`).then((data) => {
api.del(`/posts/${encodeURIComponent(pid)}/diffs/${timestamp}`).then((data) => {
parsePostHistory(data, 'diffs').then(($html) => {
$selectEl.empty().append($html);
$selectEl.trigger('change');
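Review bot: `since` in the second and third hunks and `timestamp` in `Diffs.delete` are still interpolated into the request path unencoded, right next to the now-encoded pid. Where they come from is outside these hunks; if they are read from the DOM (a select value, for instance) rather than coerced to numbers, the path-confusion problem this commit addresses for pid applies to them as well. Either encode them too, e.g. `/posts/${encodeURIComponent(pid)}/diffs/${encodeURIComponent(since)}`, or check that they are integers before building the URL.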


@@ -141,7 +141,7 @@ define('forum/topic/move-post', [
return;
}
Promise.all(data.pids.map(pid => api.put(`/posts/${pid}/move`, {
Promise.all(data.pids.map(pid => api.put(`/posts/${encodeURIComponent(pid)}/move`, {
tid: data.tid,
}))).then(() => {
data.pids.forEach(function (pid) {


@@ -360,7 +360,7 @@ define('forum/topic/postTools', [
function bookmarkPost(button, pid) {
const method = button.attr('data-bookmarked') === 'false' ? 'put' : 'del';
api[method](`/posts/${pid}/bookmark`, undefined, function (err) {
api[method](`/posts/${encodeURIComponent(pid)}/bookmark`, undefined, function (err) {
if (err) {
return alerts.error(err);
}


@@ -7,7 +7,7 @@ define('topicThumbs', [
Thumbs.get = id => api.get(`/topics/${id}/thumbs`, {});
Thumbs.getByPid = pid => api.get(`/posts/${pid}`, {}).then(post => Thumbs.get(post.tid));
Thumbs.getByPid = pid => api.get(`/posts/${encodeURIComponent(pid)}`, {}).then(post => Thumbs.get(post.tid));
Thumbs.delete = (id, path) => api.del(`/topics/${id}/thumbs`, {
path: path,


@@ -443,7 +443,7 @@ module.exports = function (Topics) {
await Topics.events.log(tid, {
uid,
type: 'backlink',
href: `/post/${pid}`,
href: `/post/${encodeURIComponent(pid)}`,
});
}));