Make FIELDS_TO_REPLACEE const at top of file and remove message from them ref #200

2 weeks ago · b61cc708b0
parent da73073bcb
commit b61cc708b0
3 changed files with 10 additions and 11 deletions
--- a/lib/post/filteractions.js
+++ b/lib/post/filteractions.js
@ -1,9 +1,9 @@
 'use strict';

 const { Bans } = require(__dirname+'/../../db/')
-	, dynamicResponse = require(__dirname+'/../misc/dynamic.js');
+	, dynamicResponse = require(__dirname+'/../misc/dynamic.js')
+	, FIELDS_TO_REPLACE = ['email', 'subject', 'message'];

-//ehhh, kinda too many args
 module.exports = async (req, res, globalFilter, hit, filter, redirect) => {

 	const { __ } = res.locals;
@ -48,9 +48,7 @@ module.exports = async (req, res, globalFilter, hit, filter, redirect) => {
 		});
 	} else {
 		//the filter could have hit any part of the combinedstring
-		//name field omitted to prevent malicious filter from revealing tripcodes
-		const fields = ['email','subject','message'];
-		for (const field of fields) {
+		for (const field of FIELDS_TO_REPLACE) {
 			if (req.body[field]) {
 				req.body[field] = req.body[field].replaceAll(hit, filter.replaceText);
 			}
--- a/models/forms/editpost.js
+++ b/models/forms/editpost.js
@ -15,7 +15,8 @@ const { Posts, Modlogs, Filters } = require(__dirname+'/../../db/')
 	, buildQueue = require(__dirname+'/../../lib/build/queue.js')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, Socketio = require(__dirname+'/../../lib/misc/socketio.js')
-	, { buildThread } = require(__dirname+'/../../lib/build/tasks.js');
+	, { buildThread } = require(__dirname+'/../../lib/build/tasks.js')
+	, FIELDS_TO_REPLACE = ['email', 'subject', 'message'];

 module.exports = async (req, res) => {

@ -31,6 +32,7 @@ todo: handle some more situations

 	//filters
 	if (!res.locals.permissions.get(Permissions.BYPASS_FILTERS)) {
+
 		//only global filters are checked, because anybody who could edit bypasses board filters
 		const globalFilters = await Filters.findForBoard(null);

@ -47,8 +49,7 @@ todo: handle some more situations
 					await filterActions(req, res, true, o.h, o.f, null);
 				}

-				const fields = ['name','email','subject','message'];
-				for (const field of fields) {
+				for (const field of FIELDS_TO_REPLACE) {
 					//check filters haven't pushed a field past its limit
 					if (req.body[field] && (req.body[field].length > globalLimits.fieldLength[field])) {
 						return dynamicResponse(req, res, 400, 'message', {
--- a/models/forms/makepost.js
+++ b/models/forms/makepost.js
@ -33,7 +33,8 @@ const { createHash, randomBytes } = require('crypto')
 	, { postPasswordSecret } = require(__dirname+'/../../configs/secrets.js')
 	, buildQueue = require(__dirname+'/../../lib/build/queue.js')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
-	, { buildThread } = require(__dirname+'/../../lib/build/tasks.js');
+	, { buildThread } = require(__dirname+'/../../lib/build/tasks.js')
+	, FIELDS_TO_REPLACE = ['email', 'subject', 'message'];

 module.exports = async (req, res) => {

@ -144,8 +145,7 @@ module.exports = async (req, res) => {
 					await filterActions(req, res, globalFilter, o.h, o.f, redirect);
 				}

-				const fields = ['name','email','subject','message'];
-				for (const field of fields) {
+				for (const field of FIELDS_TO_REPLACE) {
 					//check filters haven't pushed a field past its limit
 					if (req.body[field] && (req.body[field].length > globalLimits.fieldLength[field])) {
 						await deleteTempFiles(req).catch(console.error);