From 577a646adcb712883b8d24aa24269088d199f68e Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Fri, 16 Jan 2015 17:02:58 -0500 Subject: [PATCH 1/4] this should appease @barisusakli --- public/src/client/groups/list.js | 2 +- src/groups.js | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/public/src/client/groups/list.js b/public/src/client/groups/list.js index 3fc76a4962..d4a92ac9aa 100644 --- a/public/src/client/groups/list.js +++ b/public/src/client/groups/list.js @@ -10,7 +10,7 @@ define('forum/groups/list', function() { groupsEl.on('click', '.list-cover', function() { var groupName = $(this).parents('[data-group]').attr('data-group'); - ajaxify.go('groups/' + groupName); + ajaxify.go('groups/' + encodeURIComponent(groupName)); }); // Group creation diff --git a/src/groups.js b/src/groups.js index 696d8a690f..78e874851c 100644 --- a/src/groups.js +++ b/src/groups.js @@ -7,6 +7,7 @@ var async = require('async'), path = require('path'), nconf = require('nconf'), fs = require('fs'), + validator = require('validator'), user = require('./user'), meta = require('./meta'), @@ -202,6 +203,9 @@ var async = require('async'), results.base['cover:position'] = '50% 50%'; } + results.base.name = validator.escape(results.base.name); + results.base.description = validator.escape(results.base.description); + results.base.userTitle = validator.escape(results.base.userTitle); results.base.members = results.users.filter(Boolean); results.base.pending = results.pending.filter(Boolean); results.base.count = numUsers || results.base.members.length; From 8ba05c08fef9778bafcfcaf00f66156b64f79610 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Fri, 16 Jan 2015 17:03:05 -0500 Subject: [PATCH 2/4] category privilege rescinding --- src/privileges/categories.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/privileges/categories.js b/src/privileges/categories.js index 7662ef5913..5ff70730d4 100644 --- a/src/privileges/categories.js +++ b/src/privileges/categories.js @@ -143,6 +143,12 @@ module.exports = function(privileges) { }, callback); }; + privileges.categories.rescind = function(privileges, cid, groupName, callback) { + async.each(privileges, function(privilege, next) { + groups.leave('cid:' + cid + ':privileges:groups:' + privilege, groupName, next); + }, callback); + }; + privileges.categories.canMoveAllTopics = function(currentCid, targetCid, uid, callback) { async.parallel({ isAdministrator: function(next) { From 04be40158cae5266022f93e40b221e822a11b897 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Fri, 16 Jan 2015 20:14:39 -0500 Subject: [PATCH 3/4] if you attempt to join a group when you're already in a group, you can't anymore. --- public/language/en_GB/error.json | 1 + src/groups.js | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/public/language/en_GB/error.json b/public/language/en_GB/error.json index 251db61998..fed0c807c9 100644 --- a/public/language/en_GB/error.json +++ b/public/language/en_GB/error.json @@ -65,6 +65,7 @@ "group-name-too-short": "Group name too short", "group-already-exists": "Group already exists", "group-name-change-not-allowed": "Group name change not allowed", + "group-already-member": "You are already part of this group", "post-already-deleted": "This post has already been deleted", "post-already-restored": "This post has already been restored", diff --git a/src/groups.js b/src/groups.js index 78e874851c..8f64ea57bd 100644 --- a/src/groups.js +++ b/src/groups.js @@ -615,15 +615,26 @@ var async = require('async'), }; Groups.requestMembership = function(groupName, uid, callback) { - if (parseInt(uid, 10) > 0) { - db.setAdd('group:' + groupName + ':pending', uid, callback); - plugins.fireHook('action:group.requestMembership', { - groupName: groupName, - uid: uid - }); - } else { - callback(new Error('[[error:not-logged-in]]')); - } + async.parallel({ + exists: async.apply(Groups.isMember, uid, groupName), + isMember: async.apply(Groups.exists, groupName) + }, function(err, checks) { + if (!checks.exists) { + return callback(new Error('[[error:no-group]]')); + } else if (checks.isMember) { + return callback(new Error('[[error:group-already-member]]')); + } + + if (parseInt(uid, 10) > 0) { + db.setAdd('group:' + groupName + ':pending', uid, callback); + plugins.fireHook('action:group.requestMembership', { + groupName: groupName, + uid: uid + }); + } else { + callback(new Error('[[error:not-logged-in]]')); + } + }); }; Groups.acceptMembership = function(groupName, uid, callback) { From f67053df527c6da344f183f22a1f7010854a35ee Mon Sep 17 00:00:00 2001 From: barisusakli Date: Sat, 17 Jan 2015 15:06:12 -0500 Subject: [PATCH 4/4] figure out pathname, dont crash if callback isnt supplied --- public/src/client/groups/details.js | 4 +++- src/database/redis/main.js | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/public/src/client/groups/details.js b/public/src/client/groups/details.js index c439216d25..0ef47b3fd8 100644 --- a/public/src/client/groups/details.js +++ b/public/src/client/groups/details.js @@ -120,7 +120,9 @@ define('forum/groups/details', ['iconSelect', 'vendor/colorpicker/colorpicker', } if (settings.name) { - ajaxify.go('groups/' + encodeURIComponent(settings.name)); + var pathname = window.location.pathname; + pathname = pathname.substr(1, pathname.lastIndexOf('/')); + ajaxify.go(pathname + encodeURIComponent(settings.name)); } else { ajaxify.refresh(); } diff --git a/src/database/redis/main.js b/src/database/redis/main.js index 5157386d3b..9b08e4af65 100644 --- a/src/database/redis/main.js +++ b/src/database/redis/main.js @@ -77,6 +77,7 @@ module.exports = function(redisClient, module) { }; module.deleteAll = function(keys, callback) { + callback = callback || function() {}; var multi = redisClient.multi(); for(var i=0; i