From 714f841f0a1febb3aca0269678d82f0a403313af Mon Sep 17 00:00:00 2001
From: Sam
Date: Wed, 19 Aug 2015 12:15:38 +1000
Subject: [PATCH] FIX: null bytes in user input should not cause post creation to fail
---
 lib/post_creator.rb | 6 ++++++
 spec/components/post_creator_spec.rb | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/lib/post_creator.rb b/lib/post_creator.rb
index bbe0256ef25..52bd0621fea 100644
--- a/lib/post_creator.rb
+++ b/lib/post_creator.rb
@@ -54,9 +54,15 @@ class PostCreator
 # If we don't do this we introduce a rather risky dependency
 @user = user
 @opts = opts || {}
+ pg_clean_up!(opts[:title])
+ pg_clean_up!(opts[:raw])
 @spam = false
 end
 
+ def pg_clean_up!(str)
+ str.gsub!("\u0000", "") if str
+ end
+
 # True if the post was considered spam
 def spam?
 @spam
diff --git a/spec/components/post_creator_spec.rb b/spec/components/post_creator_spec.rb
index f9619821b88..955663e4d25 100644
--- a/spec/components/post_creator_spec.rb
+++ b/spec/components/post_creator_spec.rb
@@ -21,6 +21,12 @@ describe PostCreator do
 let(:creator_with_meta_data) { PostCreator.new(user, basic_topic_params.merge(meta_data: {hello: "world"} )) }
 let(:creator_with_image_sizes) { PostCreator.new(user, basic_topic_params.merge(image_sizes: image_sizes)) }
 
+ it "can create a topic with null byte central" do
+ post = PostCreator.create(user, title: "hello\u0000world this is title", raw: "this is my\u0000 first topic")
+ expect(post.raw).to eq 'this is my first topic'
+ expect(post.topic.title).to eq 'Helloworld this is title'
+ end
+
 it "can be created with auto tracking disabled" do
 p = PostCreator.create(user, basic_topic_params.merge(auto_track: false))
 # must be 0 otherwise it will think we read the topic which is clearly untrue
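Review bot: The two added calls index the raw `opts` argument, although the line just above tolerates a nil argument with `@opts = opts || {}`, so a nil `opts` would now raise NoMethodError in the constructor; `pg_clean_up!(@opts[:title])` and `pg_clean_up!(@opts[:raw])` keep that guard effective. `str.gsub!` also edits the caller's string in place and raises if the value is frozen or is not a String (for example a hash or array from request parameters), so the helper should check the type and assign a cleaned copy, e.g. `@opts[:raw] = @opts[:raw].delete("\u0000") if @opts[:raw].is_a?(String)`. Only `:title` and `:raw` are cleaned on this creation path; other user-supplied fields and the edit path are not visible here and may still pass a null byte to the database. The constructor starts above the hunk, so how `opts` is used before these lines cannot be seen.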
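Review bot: The new example covers only mutable string literals that contain a null byte, so it does not pin the cases where the in-place `gsub!` in the constructor can raise. A second example passing frozen values, e.g. `title: "hello\u0000world this is title".freeze`, and one creating a reply without `:title`, would cover the frozen-string failure and the nil branch of `if str`. The expected title `'Helloworld this is title'` also depends on title capitalisation done elsewhere, so a failure of this example may not be about null bytes; a short comment on that assertion would help.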