Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 19:15:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolved #1060

Browse Source
This commit is contained in:
Julian Lam
2014-02-19 17:23:25 -05:00
parent ea222c4f8a
commit f50d77bca0
7 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@@ -36,7 +36,7 @@
"rss": "~0.2.0", "rss": "~0.2.0",
"prompt": "~0.2.11", "prompt": "~0.2.11",
"uglify-js": "~2.4.0", "uglify-js": "~2.4.0",
"validator": "~1.5.1", "validator": "~3.2.1",
"nodebb-plugin-mentions": "~0.4", "nodebb-plugin-mentions": "~0.4",
"nodebb-plugin-markdown": "~0.3", "nodebb-plugin-markdown": "~0.3",
"nodebb-theme-vanilla": "~0.0.13", "nodebb-theme-vanilla": "~0.0.13",

2
src/postTools.js
View File

@@ -108,7 +108,7 @@ var winston = require('winston'),
], function(err, results) { ], function(err, results) {
websockets.in('topic_' + results[0].tid).emit('event:post_edited', { websockets.in('topic_' + results[0].tid).emit('event:post_edited', {
pid: pid, pid: pid,
title: validator.sanitize(title).escape(), title: validator.escape(title),
isMainPost: results[0].isMainPost, isMainPost: results[0].isMainPost,
content: results[1] content: results[1]
}); });

2
src/posts.js
View File

@@ -291,7 +291,7 @@ var db = require('./database'),
postData.categoryName = categoryData.name; postData.categoryName = categoryData.name;
postData.categoryIcon = categoryData.icon; postData.categoryIcon = categoryData.icon;
postData.categorySlug = categoryData.slug; postData.categorySlug = categoryData.slug;
postData.title = validator.sanitize(topicData.title).escape(); postData.title = validator.escape(topicData.title);
postData.topicSlug = topicData.slug; postData.topicSlug = topicData.slug;
next(null, postData); next(null, postData);
}) })

2
src/routes/plugins.js
View File

@@ -13,7 +13,7 @@ var nconf = require('nconf'),
if (typeof returnData === 'object') { if (typeof returnData === 'object') {
res.json(200, returnData); res.json(200, returnData);
} else { } else {
res.send(200, validator.sanitize(returnData).escape()); res.send(200, validator.escape(returnData));
} }
}); });
}); });

2
src/topics.js
View File

@@ -279,7 +279,7 @@ var async = require('async'),
} }
if(data) { if(data) {
data.title = validator.sanitize(data.title).escape(); data.title = validator.escape(data.title);
data.relativeTime = utils.toISOString(data.timestamp); data.relativeTime = utils.toISOString(data.timestamp);
} }

3
src/user.js
View File

@@ -4,7 +4,6 @@ var bcrypt = require('bcryptjs'),
winston = require('winston'), winston = require('winston'),
gravatar = require('gravatar'), gravatar = require('gravatar'),
check = require('validator').check, check = require('validator').check,
sanitize = require('validator').sanitize,
S = require('string'), S = require('string'),
utils = require('./../public/src/utils'), utils = require('./../public/src/utils'),
@@ -335,7 +334,7 @@ var bcrypt = require('bcryptjs'),
} }
data[field] = data[field].trim(); data[field] = data[field].trim();
data[field] = sanitize(data[field]).escape(); data[field] = validator.escape(data[field]);
if (field === 'email') { if (field === 'email') {
User.getUserFields(uid, ['email', 'picture', 'uploadedpicture'], function(err, userData) { User.getUserFields(uid, ['email', 'picture', 'uploadedpicture'], function(err, userData) {

3
src/webserver.js
View File

@@ -574,7 +574,6 @@ module.exports.server = server;
function (topicData, next) { function (topicData, next) {
var lastMod = topicData.timestamp, var lastMod = topicData.timestamp,
sanitize = validator.sanitize,
description = (function() { description = (function() {
var content = ''; var content = '';
if(topicData.posts.length) { if(topicData.posts.length) {
@@ -585,7 +584,7 @@ module.exports.server = server;
content = content.substr(0, 255) + '...'; content = content.substr(0, 255) + '...';
} }
return sanitize(content).escape(); return validator.escape(content);
})(), })(),
timestamp; timestamp;