mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 09:42:07 +08:00
FIX: More safety when displaying link counts on blogs
This commit is contained in:
parent
9445bea530
commit
6dd1880f1f
|
@ -29,14 +29,18 @@ class EmbedController < ApplicationController
|
|||
|
||||
def count
|
||||
|
||||
urls = params[:embed_url].map {|u| u.sub(/#discourse-comments$/, '').sub(/\/$/, '') }
|
||||
topic_embeds = TopicEmbed.where(embed_url: urls).includes(:topic).references(:topic)
|
||||
|
||||
embed_urls = params[:embed_url]
|
||||
by_url = {}
|
||||
topic_embeds.each do |te|
|
||||
url = te.embed_url
|
||||
url = "#{url}#discourse-comments" unless params[:embed_url].include?(url)
|
||||
by_url[url] = I18n.t('embed.replies', count: te.topic.posts_count - 1)
|
||||
|
||||
if embed_urls.present?
|
||||
urls = embed_urls.map {|u| u.sub(/#discourse-comments$/, '').sub(/\/$/, '') }
|
||||
topic_embeds = TopicEmbed.where(embed_url: urls).includes(:topic).references(:topic)
|
||||
|
||||
topic_embeds.each do |te|
|
||||
url = te.embed_url
|
||||
url = "#{url}#discourse-comments" unless params[:embed_url].include?(url)
|
||||
by_url[url] = I18n.t('embed.replies', count: te.topic.posts_count - 1)
|
||||
end
|
||||
end
|
||||
|
||||
render json: {counts: by_url}, callback: params[:callback]
|
||||
|
|
|
@ -40,13 +40,14 @@
|
|||
|
||||
if (countFor.length > 0) {
|
||||
// Send JSONP request for the counts
|
||||
var d = document.createElement('script');
|
||||
d.src = discourseUrl + "embed/count?callback=discourseUpdateCounts";
|
||||
var d = document.createElement('script'),
|
||||
srcUrl = discourseUrl + "embed/count?callback=discourseUpdateCounts";
|
||||
|
||||
for (var j=0; j<countFor.length; j++) {
|
||||
d.src += "&" + "embed_url[]=" + encodeURIComponent(countFor[j]);
|
||||
srcUrl += "&" + "embed_url[]=" + encodeURIComponent(countFor[j]);
|
||||
}
|
||||
d.src = srcUrl;
|
||||
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
|
||||
}
|
||||
|
||||
})();
|
||||
})();
|
||||
|
|
Loading…
Reference in New Issue
Block a user