github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 20:21:25 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: More safety when displaying link counts on blogs

Browse Source
This commit is contained in:
Robin Ward
2014-05-20 15:20:02 -04:00
parent 9445bea530
commit 6dd1880f1f
2 changed files with 16 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/embed_controller.rb
View File

@ -29,15 +29,19 @@ class EmbedController < ApplicationController
def count def count
urls = params[:embed_url].map {|u| u.sub(/#discourse-comments$/, '').sub(/\/$/, '') } embed_urls = params[:embed_url]
by_url = {}
if embed_urls.present?
urls = embed_urls.map {|u| u.sub(/#discourse-comments$/, '').sub(/\/$/, '') }
topic_embeds = TopicEmbed.where(embed_url: urls).includes(:topic).references(:topic) topic_embeds = TopicEmbed.where(embed_url: urls).includes(:topic).references(:topic)
by_url = {}
topic_embeds.each do |te| topic_embeds.each do |te|
url = te.embed_url url = te.embed_url
url = "#{url}#discourse-comments" unless params[:embed_url].include?(url) url = "#{url}#discourse-comments" unless params[:embed_url].include?(url)
by_url[url] = I18n.t('embed.replies', count: te.topic.posts_count - 1) by_url[url] = I18n.t('embed.replies', count: te.topic.posts_count - 1)
end end
end
render json: {counts: by_url}, callback: params[:callback] render json: {counts: by_url}, callback: params[:callback]
end end

7
public/javascripts/count.js
View File

@ -40,12 +40,13 @@
if (countFor.length > 0) { if (countFor.length > 0) {
// Send JSONP request for the counts // Send JSONP request for the counts
var d = document.createElement('script'); var d = document.createElement('script'),
d.src = discourseUrl + "embed/count?callback=discourseUpdateCounts"; srcUrl = discourseUrl + "embed/count?callback=discourseUpdateCounts";
for (var j=0; j<countFor.length; j++) { for (var j=0; j<countFor.length; j++) {
d.src += "&" + "embed_url[]=" + encodeURIComponent(countFor[j]); srcUrl += "&" + "embed_url[]=" + encodeURIComponent(countFor[j]);
} }
d.src = srcUrl;
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d); (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
} }