Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-01 11:35:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

escape on the way out, fixes birthday/age calculation

Browse Source
This commit is contained in:
barisusakli
2015-04-14 14:16:06 -04:00
parent eaa442db8c
commit f7a3aef322
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/controllers/accounts.js
View File

@@ -89,10 +89,17 @@ function getUserDataByUserSlug(userslug, callerUID, callback) {
userData.profile_links = results.profile_links; userData.profile_links = results.profile_links;
userData.status = require('../socket.io').isUserOnline(userData.uid) ? (userData.status || 'online') : 'offline'; userData.status = require('../socket.io').isUserOnline(userData.uid) ? (userData.status || 'online') : 'offline';
userData.banned = parseInt(userData.banned, 10) === 1; userData.banned = parseInt(userData.banned, 10) === 1;
userData.websiteName = userData.website.replace(validator.escape('http://'), '').replace(validator.escape('https://'), ''); userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
userData.followingCount = parseInt(userData.followingCount, 10) || 0; userData.followingCount = parseInt(userData.followingCount, 10) || 0;
userData.followerCount = parseInt(userData.followerCount, 10) || 0; userData.followerCount = parseInt(userData.followerCount, 10) || 0;
userData.username = validator.escape(userData.username);
userData.email = validator.escape(userData.email);
userData.fullname = validator.escape(userData.fullname);
userData.websiteName = validator.escape(userData.websiteName);
userData.location = validator.escape(userData.location);
userData.signature = validator.escape(userData.signature);
callback(null, userData); callback(null, userData);
}); });
}); });

5
src/user/profile.js
View File

@@ -111,7 +111,6 @@ module.exports = function(User) {
} }
data[field] = data[field].trim(); data[field] = data[field].trim();
data[field] = validator.escape(data[field]);
if (field === 'email') { if (field === 'email') {
return updateEmail(uid, data.email, next); return updateEmail(uid, data.email, next);
@@ -122,8 +121,8 @@ module.exports = function(User) {
} else if (field === 'signature') { } else if (field === 'signature') {
data[field] = S(data[field]).stripTags().s; data[field] = S(data[field]).stripTags().s;
} else if (field === 'website') { } else if (field === 'website') {
if (!data[field].startsWith(validator.escape('http://')) && !data[field].startsWith(validator.escape('https://'))) { if (!data[field].startsWith('http://') && !data[field].startsWith('https://')) {
data[field] = validator.escape('http://') + data[field]; data[field] = 'http://' + data[field];
} }
} }