Merge remote branch 'cnode/master'

dead-horse 2012-09-17 23:00:26 +08:00
commit 2750d52cb4
2 changed files with 8 additions and 10 deletions


@ -187,8 +187,9 @@ function get_reply_by_id(id, cb) {
return cb(err);
}
if (!reply.content_is_html) {
reply.content = Showdown.parse(Util.escape(reply.content));
reply.content = Showdown.parse(reply.content);
}
reply.content = sanitize(reply.content).xss();
reply.author = author;
reply.friendly_create_at = Util.format_date(reply.create_at, true);
@ -235,7 +236,7 @@ function get_replies_by_topic_id(id, cb) {
return cb(err, replies);
};
proxy.after('reply_find', replies.length, done);
for (var i = 0; i < replies.length; i++) {
for (var j = 0; j < replies.length; j++) {
(function (i) {
var author_id = replies[i].author_id;
user_ctrl.get_user_by_id(author_id, function (err, author) {
@ -243,8 +244,9 @@ function get_replies_by_topic_id(id, cb) {
return cb(err);
}
if (!replies[i].content_is_html) {
replies[i].content = Showdown.parse(Util.escape(replies[i].content));
replies[i].content = Showdown.parse(replies[i].content);
}
replies[i].content = sanitize(replies[i].content).xss();
replies[i].author = author;
replies[i].friendly_create_at = Util.format_date(replies[i].create_at, true);
at_ctrl.link_at_who(replies[i].content, function (err, str) {
@ -255,7 +257,7 @@ function get_replies_by_topic_id(id, cb) {
proxy.trigger('reply_find');
});
});
})(i);
})(j);
}
});
}
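Review bot: In the `get_reply_by_id` hunk, and again in the third hunk inside `get_replies_by_topic_id`, `sanitize(...).xss()` becomes the only filter between user-written reply text and the rendered page, assuming the `Showdown.parse(...)` line without `Util.escape` is the new side. Markdown passes inline HTML through, so every rendered reply now depends on that one call; if `sanitize` is a pattern-based filter rather than an allowlist of tags and attributes, that is a thin guarantee and deserves a regression test with hostile reply content. The sanitized string is then handed to `at_ctrl.link_at_who`, so any markup that helper builds from @-names is added after filtering; its body is not on this page, so confirm it escapes what it inserts. I would at least add `// Markdown output is untrusted HTML; xss() is the only filter, keep it after every transformation` above the sanitize line. Both functions start and end outside the hunks shown.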


@ -2,7 +2,6 @@ var fs = require('fs');
var path = require('path');
var ndir = require('ndir');
var config = require('../config').config;
var crypto = require('crypto');
exports.uploadImage = function (req, res, next) {
if (!req.session || !req.session.user) {
@ -15,18 +14,15 @@ exports.uploadImage = function (req, res, next) {
return;
}
var uid = req.session.user._id.toString();
var shasum = crypto.createHash('sha1');
shasum.update(Date.now());
shasum.update(file.name);
var filename = shasum.digest('hex');
var userDir = path.join(config.upload_dir, uid);
ndir.mkdir(userDir, function (err) {
if (err) {
return next(err);
}
var filename = Date.now() + '_' + file.name;
var savepath = path.resolve(path.join(userDir, filename));
if (savepath.indexOf(path.resolve(userDir)) !== 0) {
return res.send({ status: 'forbidden' });
return res.send({status: 'forbidden'});
}
fs.rename(file.path, savepath, function (err) {
if (err) {
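Review bot: The new `var filename = Date.now() + '_' + file.name;` puts the client-supplied name straight into the save path, leaving the `indexOf` prefix test as the only containment check. That test has no separator boundary, so a resolved path in a sibling directory whose name merely begins with the same characters as `userDir` would pass. Take only the last path component and compare against the directory plus separator: `var filename = Date.now() + '_' + path.basename(file.name);` and `if (savepath.indexOf(path.resolve(userDir) + path.sep) !== 0) {`. Keeping the original name also keeps its extension, and nothing visible here limits which file types land in the upload directory, so an allowlist of image extensions is worth adding if it is not enforced elsewhere. `uploadImage` continues past the end of the hunk.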