fix: #8757, allow all slashes in category route

NodeBB · Oct 12, 2020 · 1ee9384 · 1ee9384
1 parent 0a4fd50
commit 1ee9384
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/src/user/settings.js b/src/user/settings.js
@@ -59,7 +59,7 @@ module.exports = function (User) {
 		settings.restrictChat = parseInt(getSetting(settings, 'restrictChat', 0), 10) === 1;
 		settings.topicSearchEnabled = parseInt(getSetting(settings, 'topicSearchEnabled', 0), 10) === 1;
 		settings.bootswatchSkin = validator.escape(String(settings.bootswatchSkin || ''));
-		settings.homePageRoute = validator.escape(String(settings.homePageRoute || '')).replace('&#x2F;', '/');
+		settings.homePageRoute = validator.escape(String(settings.homePageRoute || '')).replace(/&#x2F;/g, '/');
 		settings.scrollToMyPost = parseInt(getSetting(settings, 'scrollToMyPost', 1), 10) === 1;
 		settings.categoryWatchState = getSetting(settings, 'categoryWatchState', 'notwatching');
 

diff --git a/test/user.js b/test/user.js
@@ -1706,6 +1706,37 @@ describe('User', function () {
 			});
 		});
 
+		it('should properly escape homePageRoute', function (done) {
+			var data = {
+				uid: testUid,
+				settings: {
+					bootswatchSkin: 'default',
+					homePageRoute: 'category/6/testing-ground',
+					homePageCustom: '',
+					openOutgoingLinksInNewTab: 0,
+					scrollToMyPost: 1,
+					userLang: 'en-GB',
+					usePagination: 1,
+					topicsPerPage: '10',
+					postsPerPage: '5',
+					showemail: 1,
+					showfullname: 1,
+					restrictChat: 0,
+					followTopicsOnCreate: 1,
+					followTopicsOnReply: 1,
+				},
+			};
+			socketUser.saveSettings({ uid: testUid }, data, function (err) {
+				assert.ifError(err);
+				User.getSettings(testUid, function (err, data) {
+					assert.ifError(err);
+					assert.strictEqual(data.homePageRoute, 'category/6/testing-ground');
+					done();
+				});
+			});
+		});
+
+
 		it('should error if language is invalid', function (done) {
 			var data = {
 				uid: testUid,