codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-23 15:48:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: Validate the raw content of posts before enqueuing them

Browse source
This commit is contained in:
Robin Ward 2016-09-12 12:26:49 -04:00
parent 06eb256d0a
commit 2c9a47dda5
2 changed files with 49 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/new_post_manager.rb
View file

@ -80,6 +80,15 @@ class NewPostManager
def self.default_handler(manager) def self.default_handler(manager)
if user_needs_approval?(manager) if user_needs_approval?(manager)
validator = Validators::PostValidator.new
post = Post.new(raw: manager.args[:raw])
validator.validate(post)
if post.errors[:raw].present?
result = NewPostResult.new(:created_post, false)
result.errors[:base] = post.errors[:raw]
return result
end
# Can the user create the post in the first place? # Can the user create the post in the first place?
if manager.args[:topic_id] if manager.args[:topic_id]
topic = Topic.unscoped.where(id: manager.args[:topic_id]).first topic = Topic.unscoped.where(id: manager.args[:topic_id]).first

22
spec/controllers/posts_controller_spec.rb
View file

@ -583,11 +583,13 @@ describe PostsController do
expect { xhr :post, :create }.to raise_error(ActionController::ParameterMissing) expect { xhr :post, :create }.to raise_error(ActionController::ParameterMissing)
end end
it 'queues the post if min_first_post_typing_time is not met' do context "fast typing" do
before do
SiteSetting.min_first_post_typing_time = 3000 SiteSetting.min_first_post_typing_time = 3000
# our logged on user here is tl1
SiteSetting.auto_block_fast_typers_max_trust_level = 1 SiteSetting.auto_block_fast_typers_max_trust_level = 1
end
it 'queues the post if min_first_post_typing_time is not met' do
xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'} xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
expect(response).to be_success expect(response).to be_success
@ -608,9 +610,6 @@ describe PostsController do
end end
it "doesn't enqueue replies when the topic is closed" do it "doesn't enqueue replies when the topic is closed" do
SiteSetting.min_first_post_typing_time = 3000
SiteSetting.auto_block_fast_typers_max_trust_level = 1
topic = Fabricate(:closed_topic) topic = Fabricate(:closed_topic)
xhr :post, :create, { xhr :post, :create, {
@ -624,6 +623,19 @@ describe PostsController do
expect(parsed["action"]).not_to eq("enqueued") expect(parsed["action"]).not_to eq("enqueued")
end end
it "doesn't enqueue replies when the post is too long" do
SiteSetting.max_post_length = 10
xhr :post, :create, {
raw: 'this is the test content',
title: 'this is the test title for the topic',
}
expect(response).not_to be_success
parsed = ::JSON.parse(response.body)
expect(parsed["action"]).not_to eq("enqueued")
end
end
it 'blocks correctly based on auto_block_first_post_regex' do it 'blocks correctly based on auto_block_first_post_regex' do
SiteSetting.auto_block_first_post_regex = "I love candy|i eat s[1-5]" SiteSetting.auto_block_first_post_regex = "I love candy|i eat s[1-5]"