FIX: null bytes in user input should not cause post creation to fail
parent
c493f82907
commit
714f841f0a
2 changed files with 12 additions and 0 deletions
|
@ -54,9 +54,15 @@ class PostCreator
|
||||||
# If we don't do this we introduce a rather risky dependency
|
# If we don't do this we introduce a rather risky dependency
|
||||||
@user = user
|
@user = user
|
||||||
@opts = opts || {}
|
@opts = opts || {}
|
||||||
|
pg_clean_up!(opts[:title])
|
||||||
|
pg_clean_up!(opts[:raw])
|
||||||
@spam = false
|
@spam = false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def pg_clean_up!(str)
|
||||||
|
str.gsub!("\u0000", "") if str
|
||||||
|
end
|
||||||
|
|
||||||
# True if the post was considered spam
|
# True if the post was considered spam
|
||||||
def spam?
|
def spam?
|
||||||
@spam
|
@spam
|
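Review bot: The two added calls index the raw `opts` argument rather than `@opts`, so the `opts || {}` fallback on the line above no longer helps: a nil `opts` would raise NoMethodError at `opts[:title]`, whereas `pg_clean_up!(@opts[:title])` and `pg_clean_up!(@opts[:raw])` keep the guard. `gsub!` also rewrites the caller's string in place, which fails on a frozen string or a non-String value, so a String check plus a comment such as `# PostgreSQL text columns reject NUL (\u0000); strip it before the post is saved` would make the contract explicit. Only `:title` and `:raw` are cleaned at this one entry point; whether other user-supplied text, or the edit path, can still reach the database with NUL bytes cannot be seen from this hunk and is worth checking. `pg_clean_up!` lands in the public interface between `initialize` and `spam?` and could be private; the constructor's `def` line is outside the hunk.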
||||||
|
|
|
@ -21,6 +21,12 @@ describe PostCreator do
|
||||||
let(:creator_with_meta_data) { PostCreator.new(user, basic_topic_params.merge(meta_data: {hello: "world"} )) }
|
let(:creator_with_meta_data) { PostCreator.new(user, basic_topic_params.merge(meta_data: {hello: "world"} )) }
|
||||||
let(:creator_with_image_sizes) { PostCreator.new(user, basic_topic_params.merge(image_sizes: image_sizes)) }
|
let(:creator_with_image_sizes) { PostCreator.new(user, basic_topic_params.merge(image_sizes: image_sizes)) }
|
||||||
|
|
||||||
|
it "can create a topic with null byte central" do
|
||||||
|
post = PostCreator.create(user, title: "hello\u0000world this is title", raw: "this is my\u0000 first topic")
|
||||||
|
expect(post.raw).to eq 'this is my first topic'
|
||||||
|
expect(post.topic.title).to eq 'Helloworld this is title'
|
||||||
|
end
|
||||||
|
|
||||||
it "can be created with auto tracking disabled" do
|
it "can be created with auto tracking disabled" do
|
||||||
p = PostCreator.create(user, basic_topic_params.merge(auto_track: false))
|
p = PostCreator.create(user, basic_topic_params.merge(auto_track: false))
|
||||||
# must be 0 otherwise it will think we read the topic which is clearly untrue
|
# must be 0 otherwise it will think we read the topic which is clearly untrue
|
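Review bot: The new example covers only the case where both `:title` and `:raw` are present and mutable, so the `if str` branch of `pg_clean_up!` (an absent option) is never exercised and nothing pins the behaviour for a frozen input string. A second example that omits `:title`, or passes a `.freeze`d string containing `\u0000`, would close that gap, assuming such a call is otherwise valid for `PostCreator.create`. The description "can create a topic with null byte central" does not say what is expected; something like `it "strips null bytes from title and raw"` reads better in failure output. The enclosing `describe` block starts and ends outside the hunk.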
||||||
|
|