FIX: null bytes in user input should not cause post creation to fail

Sam 2015-08-19 12:15:38 +10:00
parent c493f82907
commit 714f841f0a
2 changed files with 12 additions and 0 deletions


@ -54,9 +54,15 @@ class PostCreator
# If we don't do this we introduce a rather risky dependency # If we don't do this we introduce a rather risky dependency
@user = user @user = user
@opts = opts || {} @opts = opts || {}
pg_clean_up!(opts[:title])
pg_clean_up!(opts[:raw])
@spam = false @spam = false
end end
def pg_clean_up!(str)
str.gsub!("\u0000", "") if str
end
# True if the post was considered spam # True if the post was considered spam
def spam? def spam?
@spam @spam
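Review bot: The two added calls index `opts` instead of `@opts`, so the `opts || {}` fallback on the line above no longer covers a nil argument and the constructor would raise NoMethodError at `opts[:title]`; they should read `pg_clean_up!(@opts[:title])` and `pg_clean_up!(@opts[:raw])`. `pg_clean_up!` also edits the caller's string in place with `gsub!`, which raises on a frozen string and on any non-String value, so input that comes straight from request parameters can still abort post creation; cleaning a copy with `str.delete("\u0000")` and storing the result would avoid both. Only `title` and `raw` are stripped, so any other user-supplied string in `opts` that is written to the database presumably still fails on a null byte. The constructor starts above the hunk, so its callers are not visible here.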


@ -21,6 +21,12 @@ describe PostCreator do
let(:creator_with_meta_data) { PostCreator.new(user, basic_topic_params.merge(meta_data: {hello: "world"} )) } let(:creator_with_meta_data) { PostCreator.new(user, basic_topic_params.merge(meta_data: {hello: "world"} )) }
let(:creator_with_image_sizes) { PostCreator.new(user, basic_topic_params.merge(image_sizes: image_sizes)) } let(:creator_with_image_sizes) { PostCreator.new(user, basic_topic_params.merge(image_sizes: image_sizes)) }
it "can create a topic with null byte central" do
post = PostCreator.create(user, title: "hello\u0000world this is title", raw: "this is my\u0000 first topic")
expect(post.raw).to eq 'this is my first topic'
expect(post.topic.title).to eq 'Helloworld this is title'
end
it "can be created with auto tracking disabled" do it "can be created with auto tracking disabled" do
p = PostCreator.create(user, basic_topic_params.merge(auto_track: false)) p = PostCreator.create(user, basic_topic_params.merge(auto_track: false))
# must be 0 otherwise it will think we read the topic which is clearly untrue # must be 0 otherwise it will think we read the topic which is clearly untrue
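Review bot: The new example exercises only a null byte in the middle of mutable string literals, so it would not catch a regression for a frozen input or for `PostCreator.new(user, nil)`. Its description, "can create a topic with null byte central", also does not say what is asserted; something like `it "strips null bytes from title and raw" do` would read better in a failure report. The enclosing `describe` block starts outside the hunk.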