Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-26 16:41:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #8539, enforce content checks for post queue

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-07-31 13:37:14 -04:00
parent 776e34a80f
commit bb224184d8
2 changed files with 31 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/posts/queue.js
View File

@@ -94,6 +94,12 @@ module.exports = function (Posts) {
reply: 'topics:reply', reply: 'topics:reply',
}; };
topics.checkContent(data.content);
if (type === 'topic') {
topics.checkTitle(data.title);
await topics.validateTags(data.tags);
}
const [canPost] = await Promise.all([ const [canPost] = await Promise.all([
privileges.categories.can(typeToPrivilege[type], cid, data.uid), privileges.categories.can(typeToPrivilege[type], cid, data.uid),
user.isReadyToQueue(data.uid, cid), user.isReadyToQueue(data.uid, cid),

42
src/topics/create.js
View File

@@ -1,24 +1,24 @@
'use strict'; 'use strict';
var _ = require('lodash'); const _ = require('lodash');
var validator = require('validator'); const validator = require('validator');
var db = require('../database'); const db = require('../database');
var utils = require('../utils'); const utils = require('../utils');
var plugins = require('../plugins'); const plugins = require('../plugins');
var analytics = require('../analytics'); const analytics = require('../analytics');
var user = require('../user'); const user = require('../user');
var meta = require('../meta'); const meta = require('../meta');
var posts = require('../posts'); const posts = require('../posts');
var privileges = require('../privileges'); const privileges = require('../privileges');
var categories = require('../categories'); const categories = require('../categories');
const translator = require('../translator'); const translator = require('../translator');
module.exports = function (Topics) { module.exports = function (Topics) {
Topics.create = async function (data) { Topics.create = async function (data) {
// This is an internal method, consider using Topics.post instead // This is an internal method, consider using Topics.post instead
var timestamp = data.timestamp || Date.now(); const timestamp = data.timestamp || Date.now();
await Topics.resizeAndUploadThumb(data); await Topics.resizeAndUploadThumb(data);
const tid = await db.incrObjectField('global', 'nextTid'); const tid = await db.incrObjectField('global', 'nextTid');
@@ -71,9 +71,9 @@ module.exports = function (Topics) {
if (data.content) { if (data.content) {
data.content = utils.rtrim(data.content); data.content = utils.rtrim(data.content);
} }
check(data.title, meta.config.minimumTitleLength, meta.config.maximumTitleLength, 'title-too-short', 'title-too-long'); Topics.checkTitle(data.title);
await Topics.validateTags(data.tags, data.cid); await Topics.validateTags(data.tags, data.cid);
check(data.content, meta.config.minimumPostLength, meta.config.maximumPostLength, 'content-too-short', 'content-too-long'); Topics.checkContent(data.content);
const [categoryExists, canCreate, canTag] = await Promise.all([ const [categoryExists, canCreate, canTag] = await Promise.all([
categories.exists(data.cid), categories.exists(data.cid),
@@ -135,8 +135,8 @@ module.exports = function (Topics) {
}; };
Topics.reply = async function (data) { Topics.reply = async function (data) {
var tid = data.tid; const tid = data.tid;
var uid = data.uid; const uid = data.uid;
const topicData = await Topics.getTopicData(tid); const topicData = await Topics.getTopicData(tid);
if (!topicData) { if (!topicData) {
@@ -170,7 +170,7 @@ module.exports = function (Topics) {
if (data.content) { if (data.content) {
data.content = utils.rtrim(data.content); data.content = utils.rtrim(data.content);
} }
check(data.content, meta.config.minimumPostLength, meta.config.maximumPostLength, 'content-too-short', 'content-too-long'); Topics.checkContent(data.content);
data.ip = data.req ? data.req.ip : null; data.ip = data.req ? data.req.ip : null;
let postData = await posts.create(data); let postData = await posts.create(data);
@@ -235,6 +235,14 @@ module.exports = function (Topics) {
return postData; return postData;
} }
Topics.checkTitle = function (title) {
check(title, meta.config.minimumTitleLength, meta.config.maximumTitleLength, 'title-too-short', 'title-too-long');
};
Topics.checkContent = function (content) {
check(content, meta.config.minimumPostLength, meta.config.maximumPostLength, 'content-too-short', 'content-too-long');
};
function check(item, min, max, minError, maxError) { function check(item, min, max, minError, maxError) {
// Trim and remove HTML (latter for composers that send in HTML, like redactor) // Trim and remove HTML (latter for composers that send in HTML, like redactor)
if (typeof item === 'string') { if (typeof item === 'string') {