SECURITY: santize tags when creating new topic via URL

This commit is contained in:
Arpit Jalan 2018-04-15 17:24:04 +05:30
parent bf2574ee76
commit c28c5083e0
2 changed files with 9 additions and 2 deletions


@ -682,7 +682,7 @@ export default Ember.Controller.extend({
} }
if (opts.topicTitle && opts.topicTitle.length <= this.siteSettings.max_topic_title_length) { if (opts.topicTitle && opts.topicTitle.length <= this.siteSettings.max_topic_title_length) {
this.set('model.title', opts.topicTitle); this.set('model.title', escapeExpression(opts.topicTitle));
} }
if (opts.topicCategoryId) { if (opts.topicCategoryId) {
@ -707,7 +707,12 @@ export default Ember.Controller.extend({
} }
if (opts.topicTags && !this.site.mobileView && this.site.get('can_tag_topics')) { if (opts.topicTags && !this.site.mobileView && this.site.get('can_tag_topics')) {
this.set('model.tags', opts.topicTags.split(",")); const self = this;
let tags = escapeExpression(opts.topicTags).split(",").slice(0, self.siteSettings.max_tags_per_topic);
tags.forEach(function(tag, index, array) {
array[index] = tag.substring(0, self.siteSettings.max_tag_length);
});
self.set('model.tags', tags);
} }
if (opts.topicBody) { if (opts.topicBody) {
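Review bot: The escaped form is what gets stored in `model.tags` (and in `model.title` in the first hunk), so if the model value is what the composer later submits — I cannot see the submit path from here — a legitimate tag or title containing `&`, `<`, `>` or a quote would be sent as `&amp;` etc., and since the tag chooser in the other file now escapes again at render time such a tag would display double-escaped. Escaping is an output concern; this input path should only validate and bound the values and leave escaping to the template or renderer. A second problem is ordering: the `substring(0, max_tag_length)` cap runs on the already-escaped string, so a cap can cut an entity in half (`&am`); if the escape must stay here, apply the length cap before it, e.g. `escapeExpression(tag.substring(0, self.siteSettings.max_tag_length))`. The `self` alias is also unnecessary in a file that already uses ES6 — an arrow callback keeps `this`. The enclosing function starts and ends outside the hunk.
```javascript
if (opts.topicTags && !this.site.mobileView && this.site.get('can_tag_topics')) {
  // Bound the count and the length of URL-supplied tags; drop empties from
  // stray commas. Escaping is left to the renderer so the model keeps raw text.
  const tags = opts.topicTags
    .split(",")
    .slice(0, this.siteSettings.max_tags_per_topic)
    .map(tag => tag.substring(0, this.siteSettings.max_tag_length))
    .filter(tag => tag.length > 0);
  this.set('model.tags', tags);
}
```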


@ -2,6 +2,7 @@ import ComboBox from "select-kit/components/combo-box";
import Tags from "select-kit/mixins/tags"; import Tags from "select-kit/mixins/tags";
import { default as computed } from "ember-addons/ember-computed-decorators"; import { default as computed } from "ember-addons/ember-computed-decorators";
import renderTag from "discourse/lib/render-tag"; import renderTag from "discourse/lib/render-tag";
import { escapeExpression } from 'discourse/lib/utilities';
const { get, isEmpty, run, makeArray } = Ember; const { get, isEmpty, run, makeArray } = Ember;
export default ComboBox.extend(Tags, { export default ComboBox.extend(Tags, {
@ -110,6 +111,7 @@ export default ComboBox.extend(Tags, {
} }
tags.map((tag) => { tags.map((tag) => {
tag = escapeExpression(tag);
const isHighlighted = highlightedSelection.map(s => get(s, "value")).includes(tag); const isHighlighted = highlightedSelection.map(s => get(s, "value")).includes(tag);
output += ` output += `
<button aria-label="${tag}" title="${tag}" class="selected-tag ${isHighlighted ? 'is-highlighted' : ''}" data-value="${tag}"> <button aria-label="${tag}" title="${tag}" class="selected-tag ${isHighlighted ? 'is-highlighted' : ''}" data-value="${tag}">
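Review bot: Reassigning `tag` to its escaped form before the `isHighlighted` check means the comparison against `get(s, "value")` now uses the escaped string; if the highlighted selection holds the raw tag names (which seems likely, but I cannot see where they come from), any tag containing `&`, a quote or an angle bracket will never be highlighted after this change, and `data-value` will carry the escaped text, so anything reading it back and comparing to raw tags breaks the same way. Keep the raw `tag` for the comparison and the data attribute and escape only what is interpolated into markup: `const isHighlighted = highlightedSelection.map(s => get(s, "value")).includes(tag);` followed by `const safeTag = escapeExpression(tag);` used in the template literal for `aria-label`, `title` and the visible text. Whether `data-value` also needs escaping depends on whether `escapeExpression` covers `"` — Handlebars' version does, but verify `discourse/lib/utilities` delegates to it. This `tags.map` is also used purely for side effects (`output +=`); `forEach` states the intent. The enclosing method and the button markup continue outside the hunk.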