Fix a couple issues discussed on IRC
parent
fad1da7ab4
commit
c78ef333da
|
@ -110,6 +110,25 @@ describe('KickbanModule', () => {
|
|||
);
|
||||
});
|
||||
|
||||
it('rejects if the username is invalid', done => {
|
||||
mockUser.socket.emit = (frame, obj) => {
|
||||
if (frame === 'errorMsg') {
|
||||
assert.strictEqual(
|
||||
obj.msg,
|
||||
'Invalid username'
|
||||
);
|
||||
|
||||
done();
|
||||
}
|
||||
};
|
||||
|
||||
kickban.handleCmdBan(
|
||||
mockUser,
|
||||
'/ban test_user<>%$# because reasons',
|
||||
{}
|
||||
);
|
||||
});
|
||||
|
||||
it('rejects if the user does not have ban permission', done => {
|
||||
mockUser.socket.emit = (frame, obj) => {
|
||||
if (frame === 'errorMsg') {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"author": "Calvin Montgomery",
|
||||
"name": "CyTube",
|
||||
"description": "Online media synchronizer and chat",
|
||||
"version": "3.84.0",
|
||||
"version": "3.85.0",
|
||||
"repository": {
|
||||
"url": "http://github.com/calzoneman/sync"
|
||||
},
|
||||
|
|
|
@ -15,8 +15,19 @@ window.CustomEmbedPlayer = class CustomEmbedPlayer extends EmbedPlayer
|
|||
return
|
||||
|
||||
embedSrc = data.meta.embed.src
|
||||
link = "<a href=\"#{embedSrc}\" target=\"_blank\"><strong>#{embedSrc}</strong></a>"
|
||||
alert = makeAlert('Untrusted Content', CUSTOM_EMBED_WARNING.replace('%link%', link),
|
||||
|
||||
link = document.createElement('a')
|
||||
link.href = embedSrc
|
||||
link.target = '_blank'
|
||||
link.rel = 'noopener noreferer'
|
||||
|
||||
strong = document.createElement('strong')
|
||||
strong.textContent = embedSrc
|
||||
link.appendChild(strong)
|
||||
|
||||
# TODO: Ideally makeAlert() would allow optionally providing a DOM
|
||||
# element instead of requiring HTML text
|
||||
alert = makeAlert('Untrusted Content', CUSTOM_EMBED_WARNING.replace('%link%', link.outerHTML),
|
||||
'alert-warning')
|
||||
.removeClass('col-md-12')
|
||||
$('<button/>').addClass('btn btn-default')
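Review bot: `link.rel = 'noopener noreferer'` misspells the second token. The link-type keyword is `noreferrer`, and browsers ignore unknown rel tokens, so opening the warning link still sends the Referer header (only `noopener` takes effect); it should read `link.rel = 'noopener noreferrer'`. Separately, `link.href = embedSrc` keeps whatever scheme the value carries. Building the element removes the markup injection the old string interpolation allowed, but if `data.meta.embed.src` is not already restricted to http(s) upstream (not visible here), a scheme check before assigning `href` would be worth adding. The enclosing method starts and ends outside this hunk.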
|
||||
|
|
|
@ -4,6 +4,7 @@ var Flags = require("../flags");
|
|||
var util = require("../utilities");
|
||||
var Account = require("../account");
|
||||
import Promise from 'bluebird';
|
||||
const XSS = require("../xss");
|
||||
|
||||
const dbIsNameBanned = Promise.promisify(db.channels.isNameBanned);
|
||||
const dbIsIPBanned = Promise.promisify(db.channels.isIPBanned);
|
||||
|
@ -261,7 +262,6 @@ KickBanModule.prototype.handleCmdIPBan = function (user, msg, _meta) {
|
|||
chan.refCounter.ref("KickBanModule::handleCmdIPBan");
|
||||
|
||||
this.banAll(user, name, range, reason).catch(error => {
|
||||
//console.log('!!!', error.stack);
|
||||
const message = error.message || error;
|
||||
user.socket.emit("errorMsg", { msg: message });
|
||||
}).then(() => {
|
||||
|
@ -276,6 +276,10 @@ KickBanModule.prototype.checkChannelAlive = function checkChannelAlive() {
|
|||
};
|
||||
|
||||
KickBanModule.prototype.banName = async function banName(actor, name, reason) {
|
||||
if (!util.isValidUserName(name)) {
|
||||
throw new Error("Invalid username");
|
||||
}
|
||||
|
||||
reason = reason.substring(0, 255);
|
||||
|
||||
var chan = this.channel;
|
||||
|
@ -323,6 +327,9 @@ KickBanModule.prototype.banName = async function banName(actor, name, reason) {
|
|||
};
|
||||
|
||||
KickBanModule.prototype.banIP = async function banIP(actor, ip, name, reason) {
|
||||
if (!util.isValidUserName(name)) {
|
||||
throw new Error("Invalid username");
|
||||
}
|
||||
reason = reason.substring(0, 255);
|
||||
var masked = util.cloakIP(ip);
|
||||
|
||||
|
@ -445,8 +452,9 @@ KickBanModule.prototype.handleUnban = function (user, data) {
|
|||
self.channel.logger.log("[mod] " + user.getName() + " unbanned " + data.name);
|
||||
if (self.channel.modules.chat) {
|
||||
var banperm = self.channel.modules.permissions.permissions.ban;
|
||||
// TODO: quick fix, shouldn't trust name from unban frame.
|
||||
self.channel.modules.chat.sendModMessage(
|
||||
user.getName() + " unbanned " + data.name,
|
||||
user.getName() + " unbanned " + XSS.sanitizeText(data.name),
|
||||
banperm
|
||||
);
|
||||
}
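Review bot: In handleUnban the client-supplied `data.name` is now escaped for the mod chat message, but the `self.channel.logger.log(...)` call just above still concatenates the raw value, so the same untrusted string reaches the channel log unescaped. Escaping once and reusing the result keeps both sinks consistent, e.g. `const safeName = XSS.sanitizeText(data.name);` used in both the log line and `sendModMessage`; whether the log is ever rendered as HTML is not visible here. Resolving the name from the stored ban record instead of the frame, as the TODO suggests, would avoid trusting the field at all. handleUnban begins and ends outside this hunk.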
|
||||
|
|