diff --git a/public/templates/account.tpl b/public/templates/account.tpl
index 5c7678f10c..720489b63a 100644
--- a/public/templates/account.tpl
+++ b/public/templates/account.tpl
@@ -36,7 +36,7 @@
website
- {website}
+ {websiteName}
location
diff --git a/src/routes/user.js b/src/routes/user.js
index 9b6d0d4a9d..5bdee2c5d0 100644
--- a/src/routes/user.js
+++ b/src/routes/user.js
@@ -543,6 +543,8 @@ var user = require('./../user.js'),
else
data.emailClass = "hide";
+ data.websiteName = data.website.replace('http://', '').replace('https://', '');
+
data.show_banned = data.banned === '1' ? '' : 'hide';
data.uid = uid;
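Review bot: `data.website.replace(...)` on the added line throws a TypeError when `data.website` is undefined or null — the `emailClass`/`hide` branch just above suggests profile fields can be absent for a user, so a profile without a website would break this route. Guard it, `data.websiteName = (data.website || '').replace('http://', '').replace('https://', '');`. Note also that `replace` with a string pattern removes the first occurrence anywhere in the value rather than only a leading scheme; an anchored regex, `.replace(/^https?:\/\//i, '')`, strips exactly the prefix and is case-insensitive, matching how the value is normalised on write. The enclosing route handler starts and ends outside the hunk.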
diff --git a/src/user.js b/src/user.js
index a51d842e60..55c0516394 100644
--- a/src/user.js
+++ b/src/user.js
@@ -4,6 +4,8 @@ var bcrypt = require('bcrypt'),
nconf = require('nconf'),
winston = require('winston'),
userSearch = require('reds').createSearch('nodebbusersearch'),
+ check = require('validator').check,
+ sanitize = require('validator').sanitize,
utils = require('./../public/src/utils'),
RDB = require('./redis'),
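Review bot: `check` is pulled in alongside `sanitize` but is not used in any hunk shown, and `require('validator')` is evaluated twice; if `check` has no caller elsewhere in the file it should be dropped, and otherwise the two lines read better as one binding, `validator = require('validator'),` with `validator.sanitize(...)` at the call sites. The declaration list continues outside the hunk.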
@@ -13,6 +15,7 @@ var bcrypt = require('bcrypt'),
notifications = require('./notifications'),
topics = require('./topics');
+
(function(User) {
'use strict';
User.create = function(username, password, email, callback) {
@@ -244,6 +247,9 @@ var bcrypt = require('bcrypt'),
function updateField(field, next) {
if (data[field] !== undefined && typeof data[field] === 'string') {
+ data[field] = data[field].trim();
+ data[field] = sanitize(data[field]).escape();
+
if (field === 'email') {
var gravatarpicture = User.createGravatarURLFromEmail(data[field]);
User.setUserField(uid, 'gravatarpicture', gravatarpicture);
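Review bot: `sanitize(data[field]).escape()` HTML-encodes the value before it is stored, so every field that passes through `updateField` is persisted in encoded form: for `email` the encoded string is what reaches `User.createGravatarURLFromEmail` on the next line (an address containing `&`, `'` or `"` would hash differently), and for `website` a `&` in a query string is stored as `&amp;`. Any template that encodes on output will then double-encode the stored text; whether the templates do so is not visible here. The more conventional structure is to store the trimmed raw value and encode at render time; if storage-time encoding is intended, it should at least skip the fields that are consumed as data rather than markup, e.g. `if (field !== 'email' && field !== 'website') { data[field] = sanitize(data[field]).escape(); }`. The body of `updateField` continues outside the hunk.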
@@ -265,6 +271,10 @@ var bcrypt = require('bcrypt'),
return;
} else if (field === 'signature') {
data[field] = utils.strip_tags(data[field]);
+ } else if (field === 'website') {
+ if(data[field].substr(0, 7) !== 'http://' && data[field].substr(0, 8) !== 'https://') {
+ data[field] = 'http://' + data[field];
+ }
}
User.setUserField(uid, field, data[field]);
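Review bot: the scheme check on the new `website` branch is an exact, case-sensitive `substr` comparison, so a value such as `HTTP://example.com` is prefixed again and stored as `http://HTTP://example.com`, and an empty string (which passes the `typeof` test at the top of `updateField`) is stored as the bare `http://`. A case-insensitive anchored test plus an empty-string guard covers both: `} else if (field === 'website' && data[field].length > 0) {` followed by `if (!/^https?:\/\//i.test(data[field])) {`. This also keeps the stored form consistent with the prefix stripping added in src/routes/user.js, which likewise only recognises the lowercase scheme. `updateField` ends outside the hunk.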