FIX: Validate the raw content of posts before enqueuing them

This commit is contained in:
Robin Ward 2016-09-12 12:26:49 -04:00
parent 06eb256d0a
commit 2c9a47dda5
2 changed files with 49 additions and 28 deletions

View file

@ -80,6 +80,15 @@ class NewPostManager
def self.default_handler(manager)
if user_needs_approval?(manager)
validator = Validators::PostValidator.new
post = Post.new(raw: manager.args[:raw])
validator.validate(post)
if post.errors[:raw].present?
result = NewPostResult.new(:created_post, false)
result.errors[:base] = post.errors[:raw]
return result
end
# Can the user create the post in the first place?
if manager.args[:topic_id]
topic = Topic.unscoped.where(id: manager.args[:topic_id]).first

View file

@ -583,45 +583,57 @@ describe PostsController do
expect { xhr :post, :create }.to raise_error(ActionController::ParameterMissing)
end
it 'queues the post if min_first_post_typing_time is not met' do
SiteSetting.min_first_post_typing_time = 3000
# our logged on user here is tl1
SiteSetting.auto_block_fast_typers_max_trust_level = 1
context "fast typing" do
before do
SiteSetting.min_first_post_typing_time = 3000
SiteSetting.auto_block_fast_typers_max_trust_level = 1
end
xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
it 'queues the post if min_first_post_typing_time is not met' do
xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
expect(response).to be_success
parsed = ::JSON.parse(response.body)
expect(response).to be_success
parsed = ::JSON.parse(response.body)
expect(parsed["action"]).to eq("enqueued")
expect(parsed["action"]).to eq("enqueued")
user.reload
expect(user.blocked).to eq(true)
user.reload
expect(user.blocked).to eq(true)
qp = QueuedPost.first
qp = QueuedPost.first
mod = Fabricate(:moderator)
qp.approve!(mod)
mod = Fabricate(:moderator)
qp.approve!(mod)
user.reload
expect(user.blocked).to eq(false)
end
user.reload
expect(user.blocked).to eq(false)
end
it "doesn't enqueue replies when the topic is closed" do
SiteSetting.min_first_post_typing_time = 3000
SiteSetting.auto_block_fast_typers_max_trust_level = 1
it "doesn't enqueue replies when the topic is closed" do
topic = Fabricate(:closed_topic)
topic = Fabricate(:closed_topic)
xhr :post, :create, {
raw: 'this is the test content',
title: 'this is the test title for the topic',
topic_id: topic.id
}
xhr :post, :create, {
raw: 'this is the test content',
title: 'this is the test title for the topic',
topic_id: topic.id
}
expect(response).not_to be_success
parsed = ::JSON.parse(response.body)
expect(parsed["action"]).not_to eq("enqueued")
end
expect(response).not_to be_success
parsed = ::JSON.parse(response.body)
expect(parsed["action"]).not_to eq("enqueued")
it "doesn't enqueue replies when the post is too long" do
SiteSetting.max_post_length = 10
xhr :post, :create, {
raw: 'this is the test content',
title: 'this is the test title for the topic',
}
expect(response).not_to be_success
parsed = ::JSON.parse(response.body)
expect(parsed["action"]).not_to eq("enqueued")
end
end
it 'blocks correctly based on auto_block_first_post_regex' do