resolve XSS vulnerability in flags pages

fix upgrade script changing brand:logo to absolute path
Incremented version number - v1.6.1
2025-12-16 21:40:23 +01:00 · 2017-10-13 11:54:37 -04:00 · 2017-10-11 18:06:29 -04:00 · 2017-10-11 16:21:50 +00:00 · 2017-10-11 16:21:49 +00:00 · 2017-09-14 18:04:13 +00:00
3 changed files with 6 additions and 3 deletions
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "nodebb",
  "license": "GPL-3.0",
  "description": "NodeBB Forum",
-  "version": "1.6.0",
+  "version": "1.6.1",
  "homepage": "http://www.nodebb.org",
  "repository": {
    "type": "git",
@@ -136,4 +136,4 @@
      "url": "https://github.com/barisusakli"
    }
  ]
-}
+}
--- a/src/flags.js
+++ b/src/flags.js
@@ -4,6 +4,7 @@ var async = require('async');
 var _ = require('lodash');
 var S = require('string');
 var winston = require('winston');
+var validator = require('validator');

 var db = require('./database');
 var user = require('./user');
@@ -92,6 +93,7 @@ Flags.get = function (flagId, callback) {
 			}, function (err, payload) {
 				// Final object return construction
 				next(err, Object.assign(data.base, {
+					description: validator.escape(data.base.description),
 					datetimeISO: new Date(parseInt(data.base.datetime, 10)).toISOString(),
 					target_readable: data.base.type.charAt(0).toUpperCase() + data.base.type.slice(1) + ' ' + data.base.targetId,
 					target: payload.targetObj,
@@ -200,6 +202,7 @@ Flags.list = function (filters, uid, callback) {
 					}

 					next(null, Object.assign(flagObj, {
+						description: validator.escape(flagObj.description),
 						target_readable: flagObj.type.charAt(0).toUpperCase() + flagObj.type.slice(1) + ' ' + flagObj.targetId,
 						datetimeISO: new Date(parseInt(flagObj.datetime, 10)).toISOString(),
 					}));
--- a/src/upgrades/1.6.0/generate-email-logo.js
+++ b/src/upgrades/1.6.0/generate-email-logo.js
@@ -45,7 +45,7 @@ module.exports = {
 				}

 				meta.configs.setMultiple({
-					'brand:logo': path.join(nconf.get('upload_path'), 'system', path.basename(meta.config['brand:logo'])),
+					'brand:logo': path.join('/assets/uploads/system', path.basename(meta.config['brand:logo'])),
 					'brand:emailLogo': '/assets/uploads/system/site-logo-x50.png',
 				}, next);
 			},
Author	SHA1	Message	Date
Julian Lam	95f7b7b8e8	resolve XSS vulnerability in flags pages	2017-10-13 11:54:37 -04:00
Barış Soner Uşaklı	1dbd038aef	fix upgrade script changing brand:logo to absolute path	2017-10-11 18:06:29 -04:00
Misty (Bot)	4f7e2f636c	Incremented version number - v1.6.1	2017-10-11 16:21:50 +00:00
Misty (Bot)	eb0a7f9d84	Merge commit 'df5178ce7880f0afcb07c53d1f3700881152f918' into v1.6.x	2017-10-11 16:21:49 +00:00
Misty (Bot)	02370b30d9	Incremented version number - v1.6.0	2017-09-14 18:04:13 +00:00