FIX: null bytes in user input should not cause post creation to fail

This commit is contained in:
Sam 2015-08-19 12:15:38 +10:00
parent c493f82907
commit 714f841f0a
2 changed files with 12 additions and 0 deletions

View file

@ -54,9 +54,15 @@ class PostCreator
# If we don't do this we introduce a rather risky dependency
@user = user
@opts = opts || {}
pg_clean_up!(opts[:title])
pg_clean_up!(opts[:raw])
@spam = false
end
def pg_clean_up!(str)
str.gsub!("\u0000", "") if str
end
# True if the post was considered spam
def spam?
@spam

View file

@ -21,6 +21,12 @@ describe PostCreator do
let(:creator_with_meta_data) { PostCreator.new(user, basic_topic_params.merge(meta_data: {hello: "world"} )) }
let(:creator_with_image_sizes) { PostCreator.new(user, basic_topic_params.merge(image_sizes: image_sizes)) }
it "can create a topic with null byte central" do
post = PostCreator.create(user, title: "hello\u0000world this is title", raw: "this is my\u0000 first topic")
expect(post.raw).to eq 'this is my first topic'
expect(post.topic.title).to eq 'Helloworld this is title'
end
it "can be created with auto tracking disabled" do
p = PostCreator.create(user, basic_topic_params.merge(auto_track: false))
# must be 0 otherwise it will think we read the topic which is clearly untrue