From 2c9a47dda511a15efbf4ee4e92bee0b0f7b07def Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Mon, 12 Sep 2016 12:26:49 -0400
Subject: [PATCH] FIX: Validate the raw content of posts before enqueuing them

---
 lib/new_post_manager.rb | 9 +++
 spec/controllers/posts_controller_spec.rb | 68 +++++++++++++----------
 2 files changed, 49 insertions(+), 28 deletions(-)

diff --git a/lib/new_post_manager.rb b/lib/new_post_manager.rb
index 2a1bab05f..40845d609 100644
--- a/lib/new_post_manager.rb
+++ b/lib/new_post_manager.rb
@@ -80,6 +80,15 @@ class NewPostManager
   def self.default_handler(manager)
     if user_needs_approval?(manager)
 
+      validator = Validators::PostValidator.new
+      post = Post.new(raw: manager.args[:raw])
+      validator.validate(post)
+      if post.errors[:raw].present?
+        result = NewPostResult.new(:created_post, false)
+        result.errors[:base] = post.errors[:raw]
+        return result
+      end
+
       # Can the user create the post in the first place?
       if manager.args[:topic_id]
         topic = Topic.unscoped.where(id: manager.args[:topic_id]).first
diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb
index 9ebeb7612..99af04c81 100644
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
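Review bot: The stub built by `post = Post.new(raw: manager.args[:raw])` carries no user and no topic, so any rule inside PostValidator that reads `post.user` or `post.topic` is evaluated against nil in this pre-queue check, and only `post.errors[:raw]` is copied into the result while every other error the validator may add is silently discarded. If the validator applies per-user or per-trust-level limits (I cannot see it from this hunk), constructing the stub as `post = Post.new(raw: manager.args[:raw], user: manager.user)` would make the early rejection match what the later approval would enforce. The block also deserves a why-comment above `validator = Validators::PostValidator.new`, e.g. `# Reject raw content that could never pass post validation (such as exceeding max_post_length) so it never sits in the moderation queue.` Note that `default_handler` continues past the end of this hunk.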
@@ -583,45 +583,57 @@ describe PostsController do
       expect { xhr :post, :create }.to raise_error(ActionController::ParameterMissing)
     end
 
-    it 'queues the post if min_first_post_typing_time is not met' do
-      SiteSetting.min_first_post_typing_time = 3000
-      # our logged on user here is tl1
-      SiteSetting.auto_block_fast_typers_max_trust_level = 1
+    context "fast typing" do
+      before do
+        SiteSetting.min_first_post_typing_time = 3000
+        SiteSetting.auto_block_fast_typers_max_trust_level = 1
+      end
 
-      xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
+      it 'queues the post if min_first_post_typing_time is not met' do
+        xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
 
-      expect(response).to be_success
-      parsed = ::JSON.parse(response.body)
+        expect(response).to be_success
+        parsed = ::JSON.parse(response.body)
 
-      expect(parsed["action"]).to eq("enqueued")
+        expect(parsed["action"]).to eq("enqueued")
 
-      user.reload
-      expect(user.blocked).to eq(true)
+        user.reload
+        expect(user.blocked).to eq(true)
 
-      qp = QueuedPost.first
+        qp = QueuedPost.first
 
-      mod = Fabricate(:moderator)
-      qp.approve!(mod)
+        mod = Fabricate(:moderator)
+        qp.approve!(mod)
 
-      user.reload
-      expect(user.blocked).to eq(false)
-    end
+        user.reload
+        expect(user.blocked).to eq(false)
+      end
 
-    it "doesn't enqueue replies when the topic is closed" do
-      SiteSetting.min_first_post_typing_time = 3000
-      SiteSetting.auto_block_fast_typers_max_trust_level = 1
+      it "doesn't enqueue replies when the topic is closed" do
+        topic = Fabricate(:closed_topic)
 
-      topic = Fabricate(:closed_topic)
+        xhr :post, :create, {
+          raw: 'this is the test content',
+          title: 'this is the test title for the topic',
+          topic_id: topic.id
+        }
 
-      xhr :post, :create, {
-        raw: 'this is the test content',
-        title: 'this is the test title for the topic',
-        topic_id: topic.id
-      }
+        expect(response).not_to be_success
+        parsed = ::JSON.parse(response.body)
+        expect(parsed["action"]).not_to eq("enqueued")
+      end
 
-      expect(response).not_to be_success
-      parsed = ::JSON.parse(response.body)
-      expect(parsed["action"]).not_to eq("enqueued")
+      it "doesn't enqueue replies when the post is too long" do
+        SiteSetting.max_post_length = 10
+        xhr :post, :create, {
+          raw: 'this is the test content',
+          title: 'this is the test title for the topic',
+        }
+
+        expect(response).not_to be_success
+        parsed = ::JSON.parse(response.body)
+        expect(parsed["action"]).not_to eq("enqueued")
+      end
     end
 
     it 'blocks correctly based on auto_block_first_post_regex' do
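Review bot: The new "post is too long" example only checks that the response failed and that `parsed["action"]` is not "enqueued"; it never verifies that nothing reached the queue, which is the behaviour the subject line promises, nor that the rejection came from the length rule rather than some other failure, so adding `expect(QueuedPost.count).to eq(0)` and an assertion on the returned errors after the `parsed` line would pin the fix. The example also reaches the new validation only because the `before` block forces the request down the needs-approval path through the typing-time settings; a comment on that block, e.g. `# route every example through the needs-approval path so queueing is exercised`, would make the dependency explicit for the next person who edits the settings. Finally, the description says "replies" but the request carries no topic_id and so creates a topic; `it "doesn't enqueue a post that exceeds max_post_length"` would describe what is actually tested.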