Merge branch 'develop' into bootstrap5

src/controllers/search.js

@@ -29,11 +29,15 @@ searchController.search = async function (req, res, next) {
 		'search:tags': privileges.global.can('search:tags', req.uid),
 	});
 	req.query.in = req.query.in || meta.config.searchDefaultIn || 'titlesposts';
-	const allowed = (req.query.in === 'users' && userPrivileges['search:users']) ||
+	let allowed = (req.query.in === 'users' && userPrivileges['search:users']) ||
 					(req.query.in === 'tags' && userPrivileges['search:tags']) ||
 					(req.query.in === 'categories') ||
 					(['titles', 'titlesposts', 'posts'].includes(req.query.in) && userPrivileges['search:content']);
-
+	({ allowed } = await plugins.hooks.fire('filter:search.isAllowed', {
+		uid: req.uid,
+		query: req.query,
+		allowed,
+	}));
 	if (!allowed) {
 		return helpers.notAllowed(req, res);
 	}

src/routes/authentication.js

@@ -157,7 +157,7 @@ Auth.reloadRoutes = async function (params) {
 
 	router.post('/register', middlewares, controllers.authentication.register);
 	router.post('/register/complete', middlewares, controllers.authentication.registerComplete);
-	router.post('/register/abort', controllers.authentication.registerAbort);
+	router.post('/register/abort', Auth.middleware.applyCSRF, controllers.authentication.registerAbort);
 	router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);
 	router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);
 };

src/search.js

@@ -15,7 +15,6 @@ const search = module.exports;
 
 search.search = async function (data) {
 	const start = process.hrtime();
-	data.searchIn = data.searchIn || 'titlesposts';
 	data.sortBy = data.sortBy || 'relevance';
 
 	let result;
@@ -27,6 +26,10 @@ search.search = async function (data) {
 		result = await categories.search(data);
 	} else if (data.searchIn === 'tags') {
 		result = await topics.searchAndLoadTags(data);
+	} else if (data.searchIn) {
+		result = await plugins.hooks.fire('filter:search.searchIn', {
+			data,
+		});
 	} else {
 		throw new Error('[[error:unknown-search-filter]]');
 	}
@@ -108,6 +111,7 @@ async function searchInContent(data) {
 	returnData.posts = await posts.getPostSummaryByPids(metadata.pids, data.uid, {});
 	await plugins.hooks.fire('filter:search.contentGetResult', { result: returnData, data: data });
 	delete metadata.pids;
+	delete metadata.data;
 	return Object.assign(returnData, metadata);
 }
 

src/upgrades/1.11.0/navigation_visibility_groups.js

@@ -4,9 +4,7 @@ module.exports = {
 	name: 'Navigation item visibility groups',
 	timestamp: Date.UTC(2018, 10, 10),
 	method: async function () {
-		const navigationAdmin = require('../../navigation/admin');
-
-		const data = await navigationAdmin.get();
+		const data = await navigationAdminGet();
 		data.forEach((navItem) => {
 			if (navItem && navItem.properties) {
 				navItem.groups = [];
@@ -23,6 +21,38 @@ module.exports = {
 				}
 			}
 		});
-		await navigationAdmin.save(data);
+		await navigationAdminSave(data);
 	},
 };
+// use navigation.get/save as it was in 1.11.0 so upgrade script doesn't crash on latest nbb
+// see https://github.com/NodeBB/NodeBB/pull/11013
+async function navigationAdminGet() {
+	const db = require('../../database');
+	const data = await db.getSortedSetRange('navigation:enabled', 0, -1);
+	return data.filter(Boolean).map((item) => {
+		item = JSON.parse(item);
+		item.groups = item.groups || [];
+		if (item.groups && !Array.isArray(item.groups)) {
+			item.groups = [item.groups];
+		}
+		return item;
+	});
+}
+
+async function navigationAdminSave(data) {
+	const db = require('../../database');
+	const translator = require('../../translator');
+	const order = Object.keys(data);
+	const items = data.map((item, index) => {
+		Object.keys(item).forEach((key) => {
+			if (item.hasOwnProperty(key) && typeof item[key] === 'string' && (key === 'title' || key === 'text')) {
+				item[key] = translator.escape(item[key]);
+			}
+		});
+		item.order = order[index];
+		return JSON.stringify(item);
+	});
+
+	await db.delete('navigation:enabled');
+	await db.sortedSetAdd('navigation:enabled', order, items);
+}