fix: escape config.userLang/acpLang, don't allow invalid language codes

This commit is contained in:
Barış Soner Uşaklı
2020-01-13 12:27:50 -05:00
parent df5e3a7394
commit e06c1bfcd2
4 changed files with 35 additions and 10 deletions


@@ -86,8 +86,8 @@ apiController.loadConfig = async function (req) {
config.usePagination = settings.usePagination;
config.topicsPerPage = settings.topicsPerPage;
config.postsPerPage = settings.postsPerPage;
config.userLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.userLang || config.defaultLang;
config.acpLang = (req.query.lang ? validator.escape(String(req.query.lang)) : null) || settings.acpLang;
config.userLang = validator.escape(String((req.query.lang ? req.query.lang : null) || settings.userLang || config.defaultLang));
config.acpLang = validator.escape(String((req.query.lang ? req.query.lang : null) || settings.acpLang));
config.openOutgoingLinksInNewTab = settings.openOutgoingLinksInNewTab;
config.topicPostSort = settings.topicPostSort || config.topicPostSort;
config.categoryTopicSort = settings.categoryTopicSort || config.categoryTopicSort;
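Review bot: Wrapping the whole fallback chain in `String()` turns a missing value into the literal text `"undefined"`: in the second `config.acpLang` assignment (taken to be the added line, since the +/- markers are lost on this page), a request with no `lang` query and no `settings.acpLang` now yields a truthy string where the earlier form left the value unset. Any later `config.acpLang || fallback` check would then pick a language code that does not exist. Resolve the raw value first and escape only when it is present, e.g. `const acpLang = req.query.lang || settings.acpLang;` followed by `config.acpLang = acpLang ? validator.escape(String(acpLang)) : acpLang;`. The `userLang` line is only safe from the same effect if `config.defaultLang` is always set, which this hunk does not show. Escaping protects the value where it is rendered as HTML but does not make it a valid language code; if the other files in this commit do not already check `req.query.lang` against the installed languages, that check belongs here too. `loadConfig` starts and ends outside the hunk.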