Escaping should work properly now.

Azareal 2017-12-30 10:07:57 +00:00
parent 57ae3243f8
commit 0fcc1bc04d
3 changed files with 9 additions and 8 deletions


@ -165,7 +165,7 @@ func shortcodeToUnicode(msg string) string {
return msg return msg
} }
// TODO: Write a test for this // TODO: Write tests for this
func PreparseMessage(msg string) string { func PreparseMessage(msg string) string {
msg = strings.Replace(msg, "<p><br>", "\n\n", -1) msg = strings.Replace(msg, "<p><br>", "\n\n", -1)
msg = strings.Replace(msg, "<p>", "\n\n", -1) msg = strings.Replace(msg, "<p>", "\n\n", -1)


@ -8,6 +8,7 @@ package common
import ( import (
"database/sql" "database/sql"
"html"
"html/template" "html/template"
"strconv" "strconv"
"time" "time"
@ -235,8 +236,10 @@ func (topic *Topic) Delete() error {
return err return err
} }
// TODO: Write tests for this
func (topic *Topic) Update(name string, content string) error { func (topic *Topic) Update(name string, content string) error {
content = PreparseMessage(content) name = html.EscapeString(html.UnescapeString(name))
content = PreparseMessage(html.UnescapeString(content))
parsedContent := ParseMessage(content, topic.ParentID, "forums") parsedContent := ParseMessage(content, topic.ParentID, "forums")
_, err := topicStmts.edit.Exec(name, content, parsedContent, topic.ID) _, err := topicStmts.edit.Exec(name, content, parsedContent, topic.ID)
topic.cacheRemove() topic.cacheRemove()
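Review bot: In Topic.Update, `content` goes through `html.UnescapeString` before `PreparseMessage` and that result is what the edit statement stores, but unlike `name` on the line above it is not visibly re-escaped. Entity-encoded input such as `&lt;p&gt;` is therefore decoded into real markup before the pre-parser's tag replacements run, so the safety of the stored and rendered content depends on PreparseMessage and ParseMessage escaping whatever they do not recognise, which this page does not show. The same unescape-then-preparse pattern appears in routeReplyEditSubmit and routeProfileReplyEditSubmit. I would state the invariant above the call, e.g. `// content is unescaped to normalise client encoding; PreparseMessage/ParseMessage must escape anything left over`, and have the tests promised by the new TODO cover entity-encoded tags and double-encoded input. Update's body continues past the end of the hunk.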


@ -4,6 +4,7 @@ import (
//"log" //"log"
//"fmt" //"fmt"
"encoding/json" "encoding/json"
"html"
"log" "log"
"net/http" "net/http"
"strconv" "strconv"
@ -43,10 +44,7 @@ func routeEditTopic(w http.ResponseWriter, r *http.Request, user common.User) co
return common.NoPermissionsJSQ(w, r, user, isJs) return common.NoPermissionsJSQ(w, r, user, isJs)
} }
topicName := r.PostFormValue("topic_name") err = topic.Update(r.PostFormValue("topic_name"), r.PostFormValue("topic_content"))
topicContent := common.PreparseMessage(r.PostFormValue("topic_content"))
// TODO: Fully parse the post and store it in the parsed column
err = topic.Update(topicName, topicContent)
if err != nil { if err != nil {
return common.InternalErrorJSQ(err, w, r, isJs) return common.InternalErrorJSQ(err, w, r, isJs)
} }
@ -352,7 +350,7 @@ func routeReplyEditSubmit(w http.ResponseWriter, r *http.Request, user common.Us
return common.NoPermissionsJSQ(w, r, user, isJs) return common.NoPermissionsJSQ(w, r, user, isJs)
} }
content := common.PreparseMessage(r.PostFormValue("edit_item")) content := common.PreparseMessage(html.UnescapeString(r.PostFormValue("edit_item")))
_, err = stmts.editReply.Exec(content, common.ParseMessage(content, fid, "forums"), rid) _, err = stmts.editReply.Exec(content, common.ParseMessage(content, fid, "forums"), rid)
if err != nil { if err != nil {
return common.InternalErrorJSQ(err, w, r, isJs) return common.InternalErrorJSQ(err, w, r, isJs)
@ -457,7 +455,7 @@ func routeProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, user co
return common.NoPermissionsJSQ(w, r, user, isJs) return common.NoPermissionsJSQ(w, r, user, isJs)
} }
content := common.PreparseMessage(r.PostFormValue("edit_item")) content := common.PreparseMessage(html.UnescapeString(r.PostFormValue("edit_item")))
_, err = stmts.editProfileReply.Exec(content, common.ParseMessage(content, 0, ""), rid) _, err = stmts.editProfileReply.Exec(content, common.ParseMessage(content, 0, ""), rid)
if err != nil { if err != nil {
return common.InternalErrorJSQ(err, w, r, isJs) return common.InternalErrorJSQ(err, w, r, isJs)
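Review bot: The unescape-then-preparse step is written out inline in routeReplyEditSubmit and routeProfileReplyEditSubmit, while routeEditTopic now hands the raw form values to topic.Update, which does the same normalisation itself. Three copies of an input-normalisation rule tend to drift, and a handler added later can omit it without anyone noticing. Consider one helper in common that both reply handlers and Topic.Update call, or at least a comment at each site such as `// keep in sync with Topic.Update: unescape, then preparse`. All three handler bodies start and end outside their hunks.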