FIX: More safety when displaying link counts on blogs

This commit is contained in:
Robin Ward 2014-05-20 15:20:02 -04:00
parent 9445bea530
commit 6dd1880f1f
2 changed files with 16 additions and 11 deletions

View File

@ -29,15 +29,19 @@ class EmbedController < ApplicationController
def count
urls = params[:embed_url].map {|u| u.sub(/#discourse-comments$/, '').sub(/\/$/, '') }
embed_urls = params[:embed_url]
by_url = {}
if embed_urls.present?
urls = embed_urls.map {|u| u.sub(/#discourse-comments$/, '').sub(/\/$/, '') }
topic_embeds = TopicEmbed.where(embed_url: urls).includes(:topic).references(:topic)
by_url = {}
topic_embeds.each do |te|
url = te.embed_url
url = "#{url}#discourse-comments" unless params[:embed_url].include?(url)
by_url[url] = I18n.t('embed.replies', count: te.topic.posts_count - 1)
end
end
render json: {counts: by_url}, callback: params[:callback]
end

View File

@ -40,12 +40,13 @@
if (countFor.length > 0) {
// Send JSONP request for the counts
var d = document.createElement('script');
d.src = discourseUrl + "embed/count?callback=discourseUpdateCounts";
var d = document.createElement('script'),
srcUrl = discourseUrl + "embed/count?callback=discourseUpdateCounts";
for (var j=0; j<countFor.length; j++) {
d.src += "&" + "embed_url[]=" + encodeURIComponent(countFor[j]);
srcUrl += "&" + "embed_url[]=" + encodeURIComponent(countFor[j]);
}
d.src = srcUrl;
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
}