diff --git a/common/parser.go b/common/parser.go index 75989c63..8c268291 100644 --- a/common/parser.go +++ b/common/parser.go @@ -165,7 +165,7 @@ func shortcodeToUnicode(msg string) string { return msg } -// TODO: Write a test for this +// TODO: Write tests for this func PreparseMessage(msg string) string { msg = strings.Replace(msg, "
", "\n\n", -1)
msg = strings.Replace(msg, "
", "\n\n", -1) diff --git a/common/topic.go b/common/topic.go index 113d9c18..6784bb75 100644 --- a/common/topic.go +++ b/common/topic.go @@ -8,6 +8,7 @@ package common import ( "database/sql" + "html" "html/template" "strconv" "time" @@ -235,8 +236,10 @@ func (topic *Topic) Delete() error { return err } +// TODO: Write tests for this func (topic *Topic) Update(name string, content string) error { - content = PreparseMessage(content) + name = html.EscapeString(html.UnescapeString(name)) + content = PreparseMessage(html.UnescapeString(content)) parsedContent := ParseMessage(content, topic.ParentID, "forums") _, err := topicStmts.edit.Exec(name, content, parsedContent, topic.ID) topic.cacheRemove() diff --git a/mod_routes.go b/mod_routes.go index 10265c2e..2c223c59 100644 --- a/mod_routes.go +++ b/mod_routes.go @@ -4,6 +4,7 @@ import ( //"log" //"fmt" "encoding/json" + "html" "log" "net/http" "strconv" @@ -43,10 +44,7 @@ func routeEditTopic(w http.ResponseWriter, r *http.Request, user common.User) co return common.NoPermissionsJSQ(w, r, user, isJs) } - topicName := r.PostFormValue("topic_name") - topicContent := common.PreparseMessage(r.PostFormValue("topic_content")) - // TODO: Fully parse the post and store it in the parsed column - err = topic.Update(topicName, topicContent) + err = topic.Update(r.PostFormValue("topic_name"), r.PostFormValue("topic_content")) if err != nil { return common.InternalErrorJSQ(err, w, r, isJs) } @@ -352,7 +350,7 @@ func routeReplyEditSubmit(w http.ResponseWriter, r *http.Request, user common.Us return common.NoPermissionsJSQ(w, r, user, isJs) } - content := common.PreparseMessage(r.PostFormValue("edit_item")) + content := common.PreparseMessage(html.UnescapeString(r.PostFormValue("edit_item"))) _, err = stmts.editReply.Exec(content, common.ParseMessage(content, fid, "forums"), rid) if err != nil { return common.InternalErrorJSQ(err, w, r, isJs) @@ -457,7 +455,7 @@ func routeProfileReplyEditSubmit(w http.ResponseWriter, r *http.Request, user co return common.NoPermissionsJSQ(w, r, user, isJs) } - content := common.PreparseMessage(r.PostFormValue("edit_item")) + content := common.PreparseMessage(html.UnescapeString(r.PostFormValue("edit_item"))) _, err = stmts.editProfileReply.Exec(content, common.ParseMessage(content, 0, ""), rid) if err != nil { return common.InternalErrorJSQ(err, w, r, isJs)