SECURITY: use rstrip instead of regex gsub to prevent ReDOS (#19737)
The `rstrip` implementation is much more performant than the regex.

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
parent
83944213b2
commit
918dd4d635
|
@ -514,7 +514,7 @@ class PostCreator
|
||||||
end
|
end
|
||||||
|
|
||||||
def setup_post
|
def setup_post
|
||||||
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').gsub(/\s+\z/, "")
|
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').rstrip
|
||||||
|
|
||||||
post = Post.new(raw: @opts[:raw],
|
post = Post.new(raw: @opts[:raw],
|
||||||
topic_id: @topic.try(:id),
|
topic_id: @topic.try(:id),
|
||||||
|
|
|
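Review bot: On the `@opts[:raw] = ...` line, `rstrip` is not an exact equivalent of the old `gsub(/\s+\z/, "")`: Ruby's `rstrip` also removes trailing NUL characters, which `\s` does not match. That looks harmless for post bodies, but it should be pinned with a spec covering trailing whitespace, a trailing NUL, and a long whitespace run in the middle of the text. A comment on the line would also keep the regex from being reintroduced, e.g. `# rstrip, not gsub(/\s+\z/, ""): the regex can backtrack quadratically on long whitespace runs (ReDoS)`. The same replacement is made in PostRevisor#cleanup_whitespaces, and setup_post continues past the end of this hunk.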
@ -274,7 +274,7 @@ class PostRevisor
|
||||||
end
|
end
|
||||||
|
|
||||||
def cleanup_whitespaces(raw)
|
def cleanup_whitespaces(raw)
|
||||||
raw.present? ? TextCleaner.normalize_whitespaces(raw).gsub(/\s+\z/, "") : ""
|
raw.present? ? TextCleaner.normalize_whitespaces(raw).rstrip : ""
|
||||||
end
|
end
|
||||||
|
|
||||||
def should_revise?
|
def should_revise?
|
||||||
|
|
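Review bot: `cleanup_whitespaces` now repeats the `TextCleaner.normalize_whitespaces(...).rstrip` chain that PostCreator#setup_post also spells out, and the two differ only in how they guard blank input (`raw.present?` here, `@opts[:raw] || ''` there). Since this chain was the site of a security fix, it would be safer kept in one shared helper that both classes call, so a later change cannot land in one place and miss the other. Until then a short doc comment on the method would help, e.g. `# Normalizes whitespace and strips trailing whitespace; returns "" for blank input. Uses rstrip (linear time) instead of a regex.`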