fix: #11735, crash when making guest reply

to /api/compose route
Barış Soner Uşaklı
2023-06-20 18:51:46 -04:00
parent 090a792168
commit f2fe7c0686
2 changed files with 47 additions and 4 deletions

@@ -76,13 +76,20 @@ exports.post = async function (req, res) {
} else { } else {
throw new Error('[[error:invalid-data]]'); throw new Error('[[error:invalid-data]]');
} }
if (!result) {
throw new Error('[[error:invalid-data]]');
}
if (result.queued) { if (result.queued) {
return res.redirect(`${nconf.get('relative_path') || '/'}?noScriptMessage=[[success:post-queued]]`); return res.redirect(`${nconf.get('relative_path') || '/'}?noScriptMessage=[[success:post-queued]]`);
} }
const uid = result.uid ? result.uid : result.topicData.uid; user.updateOnlineUsers(req.uid);
user.updateOnlineUsers(uid); let path = nconf.get('relative_path');
const path = result.pid ? `/post/${result.pid}` : `/topic/${result.topicData.slug}`; if (result.pid) {
res.redirect(nconf.get('relative_path') + path); path += `/post/${result.pid}`;
} else if (result.topicData) {
path += `/topic/${result.topicData.slug}`;
}
res.redirect(path);
} catch (err) { } catch (err) {
helpers.noScriptErrors(req, res, err.message, 400); helpers.noScriptErrors(req, res, err.message, 400);
} }
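Review bot: The fall-through case in the new redirect logic is unhandled: when `result` has neither `pid` nor `topicData`, `path` stays at `nconf.get('relative_path')`, which the queued branch just above treats as possibly empty (`|| '/'`), so `res.redirect(path)` can be called with an empty string. Either reject that shape explicitly with `} else { throw new Error('[[error:invalid-data]]'); }` or redirect to `path || '/'`. Since this route is now exercised by guests, it is also worth confirming that `user.updateOnlineUsers(req.uid)` does nothing for a guest uid; its implementation is not visible here. The body of `exports.post` and its `try` block begin outside this hunk.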

@@ -2682,6 +2682,42 @@ describe('Controllers', () => {
}); });
}); });
}); });
it('should create a new topic and reply by composer route as a guest', async () => {
const jar = request.jar();
const csrf_token = await helpers.getCsrfToken(jar);
const data = {
cid: cid,
title: 'no js is good',
content: 'a topic with noscript',
handle: 'guest1',
};
await privileges.categories.give(['groups:topics:create', 'groups:topics:reply'], cid, 'guests');
const result = await helpers.request('post', `/compose`, {
form: data,
jar,
headers: {
'x-csrf-token': csrf_token,
},
});
assert.strictEqual(result.res.statusCode, 302);
const replyResult = await helpers.request('post', `/compose`, {
form: {
tid: tid,
content: 'a new reply',
handle: 'guest2',
},
jar,
headers: {
'x-csrf-token': csrf_token,
},
});
assert.equal(replyResult.res.statusCode, 302);
await privileges.categories.rescind(['groups:topics:post', 'groups:topics:reply'], cid, 'guests');
});
}); });
describe('test routes', () => { describe('test routes', () => {
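Review bot: The cleanup at the end of the new test does not mirror the grant: guests are given `groups:topics:create` and `groups:topics:reply`, but the rescind names `groups:topics:post` and `groups:topics:reply`, so the create privilege appears to stay granted to guests for every test that runs afterwards in this file. The rescind is also skipped whenever one of the two status assertions throws. Hold the list in one constant, e.g. `const guestPrivs = ['groups:topics:create', 'groups:topics:reply'];`, and rescind it in a `finally` with `await privileges.categories.rescind(guestPrivs, cid, 'guests');`. The second status check uses `assert.equal` where the first uses `assert.strictEqual`. The enclosing `describe` blocks start outside this hunk.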