FIX: Validate the raw content of posts before enqueuing them

lib/new_post_manager.rb

@@ -80,6 +80,15 @@ class NewPostManager
   def self.default_handler(manager)
     if user_needs_approval?(manager)
 
+      validator = Validators::PostValidator.new
+      post = Post.new(raw: manager.args[:raw])
+      validator.validate(post)
+      if post.errors[:raw].present?
+        result = NewPostResult.new(:created_post, false)
+        result.errors[:base] = post.errors[:raw]
+        return result
+      end
+
       # Can the user create the post in the first place?
       if manager.args[:topic_id]
         topic = Topic.unscoped.where(id: manager.args[:topic_id]).first

spec/controllers/posts_controller_spec.rb

@@ -583,45 +583,57 @@ describe PostsController do
 	      expect { xhr :post, :create }.to raise_error(ActionController::ParameterMissing)
       end
 
-      it 'queues the post if min_first_post_typing_time is not met' do
+      context "fast typing" do
-        SiteSetting.min_first_post_typing_time = 3000
+        before do
-        # our logged on user here is tl1
+          SiteSetting.min_first_post_typing_time = 3000
-        SiteSetting.auto_block_fast_typers_max_trust_level = 1
+          SiteSetting.auto_block_fast_typers_max_trust_level = 1
+        end
 
-        xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
+        it 'queues the post if min_first_post_typing_time is not met' do
+          xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
 
-        expect(response).to be_success
+          expect(response).to be_success
-        parsed = ::JSON.parse(response.body)
+          parsed = ::JSON.parse(response.body)
 
-        expect(parsed["action"]).to eq("enqueued")
+          expect(parsed["action"]).to eq("enqueued")
 
-        user.reload
+          user.reload
-        expect(user.blocked).to eq(true)
+          expect(user.blocked).to eq(true)
 
-        qp = QueuedPost.first
+          qp = QueuedPost.first
 
-        mod = Fabricate(:moderator)
+          mod = Fabricate(:moderator)
-        qp.approve!(mod)
+          qp.approve!(mod)
 
-        user.reload
+          user.reload
-        expect(user.blocked).to eq(false)
+          expect(user.blocked).to eq(false)
-      end
+        end
 
-      it "doesn't enqueue replies when the topic is closed" do
+        it "doesn't enqueue replies when the topic is closed" do
-        SiteSetting.min_first_post_typing_time = 3000
+          topic = Fabricate(:closed_topic)
-        SiteSetting.auto_block_fast_typers_max_trust_level = 1
 
-        topic = Fabricate(:closed_topic)
+          xhr :post, :create, {
+            raw: 'this is the test content',
+            title: 'this is the test title for the topic',
+            topic_id: topic.id
+          }
 
-        xhr :post, :create, {
+          expect(response).not_to be_success
-          raw: 'this is the test content',
+          parsed = ::JSON.parse(response.body)
-          title: 'this is the test title for the topic',
+          expect(parsed["action"]).not_to eq("enqueued")
-          topic_id: topic.id
+        end
-        }
 
-        expect(response).not_to be_success
+        it "doesn't enqueue replies when the post is too long" do
-        parsed = ::JSON.parse(response.body)
+          SiteSetting.max_post_length = 10
-        expect(parsed["action"]).not_to eq("enqueued")
+          xhr :post, :create, {
+            raw: 'this is the test content',
+            title: 'this is the test title for the topic',
+          }
+
+          expect(response).not_to be_success
+          parsed = ::JSON.parse(response.body)
+          expect(parsed["action"]).not_to eq("enqueued")
+        end
       end
 
       it 'blocks correctly based on auto_block_first_post_regex' do