resolved #1060

2025-11-02 12:05:57 +01:00 · 2014-02-19 17:23:25 -05:00
parent ea222c4f8a
commit f50d77bca0
7 changed files with 7 additions and 9 deletions
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
    "rss": "~0.2.0",
    "prompt": "~0.2.11",
    "uglify-js": "~2.4.0",
-    "validator": "~1.5.1",
+    "validator": "~3.2.1",
    "nodebb-plugin-mentions": "~0.4",
    "nodebb-plugin-markdown": "~0.3",
    "nodebb-theme-vanilla": "~0.0.13",
--- a/src/postTools.js
+++ b/src/postTools.js
@@ -108,7 +108,7 @@ var winston = require('winston'),
 				], function(err, results) {
 					websockets.in('topic_' + results[0].tid).emit('event:post_edited', {
 						pid: pid,
-						title: validator.sanitize(title).escape(),
+						title: validator.escape(title),
 						isMainPost: results[0].isMainPost,
 						content: results[1]
 					});
--- a/src/posts.js
+++ b/src/posts.js
@@ -291,7 +291,7 @@ var db = require('./database'),
 							postData.categoryName = categoryData.name;
 							postData.categoryIcon = categoryData.icon;
 							postData.categorySlug = categoryData.slug;
-							postData.title = validator.sanitize(topicData.title).escape();
+							postData.title = validator.escape(topicData.title);
 							postData.topicSlug = topicData.slug;
 							next(null, postData);
 						})
--- a/src/routes/plugins.js
+++ b/src/routes/plugins.js
@@ -13,7 +13,7 @@ var	nconf = require('nconf'),
 				if (typeof returnData === 'object') {
 					res.json(200, returnData);
 				} else {
-					res.send(200, validator.sanitize(returnData).escape());
+					res.send(200, validator.escape(returnData));
 				}
 			});
 		});
--- a/src/topics.js
+++ b/src/topics.js
@@ -279,7 +279,7 @@ var async = require('async'),
 			}

 			if(data) {
-				data.title = validator.sanitize(data.title).escape();
+				data.title = validator.escape(data.title);
 				data.relativeTime = utils.toISOString(data.timestamp);
 			}

--- a/src/user.js
+++ b/src/user.js
@@ -4,7 +4,6 @@ var bcrypt = require('bcryptjs'),
 	winston = require('winston'),
 	gravatar = require('gravatar'),
 	check = require('validator').check,
-	sanitize = require('validator').sanitize,
 	S = require('string'),

 	utils = require('./../public/src/utils'),
@@ -335,7 +334,7 @@ var bcrypt = require('bcryptjs'),
 			}

 			data[field] = data[field].trim();
-			data[field] = sanitize(data[field]).escape();
+			data[field] = validator.escape(data[field]);

 			if (field === 'email') {
 				User.getUserFields(uid, ['email', 'picture', 'uploadedpicture'], function(err, userData) {
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -574,7 +574,6 @@ module.exports.server = server;
 				function (topicData, next) {

 					var lastMod = topicData.timestamp,
-						sanitize = validator.sanitize,
 						description = (function() {
 							var	content = '';
 							if(topicData.posts.length) {
@@ -585,7 +584,7 @@ module.exports.server = server;
 								content = content.substr(0, 255) + '...';
 							}

-							return sanitize(content).escape();
+							return validator.escape(content);
 						})(),
 						timestamp;