SECURITY: use rstrip instead of regex gsub to prevent ReDOS (#19737)

`rstrip` implementation is much more performant than regex

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
Alan Guo Xiang Tan 2023-01-05 06:09:17 +08:00 committed by GitHub
parent 83944213b2
commit 918dd4d635
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions

@ -514,7 +514,7 @@ class PostCreator
end
def setup_post
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').gsub(/\s+\z/, "")
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').rstrip
post = Post.new(raw: @opts[:raw],
topic_id: @topic.try(:id),
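
Review bot: `.rstrip` in `setup_post` is not a byte-for-byte equivalent of `.gsub(/\s+\z/, "")`: Ruby's `String#rstrip` also drops trailing NUL characters, which `\s` does not match. Please confirm that is acceptable for `@opts[:raw]` (or that `TextCleaner.normalize_whitespaces` already removes them), and say so in the commit message, which currently mentions only performance. The page shows 2 additions and 2 deletions across 2 files, so no spec accompanies the change; a spec that asserts the trailing whitespace is still removed from the raw text, and that a post body containing a long whitespace run followed by other text is handled within a time bound, would keep the regex from being reintroduced here.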

@ -274,7 +274,7 @@ class PostRevisor
end
def cleanup_whitespaces(raw)
raw.present? ? TextCleaner.normalize_whitespaces(raw).gsub(/\s+\z/, "") : ""
raw.present? ? TextCleaner.normalize_whitespaces(raw).rstrip : ""
end
def should_revise?
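
Review bot: `cleanup_whitespaces` now repeats the same `TextCleaner.normalize_whitespaces(...).rstrip` chain that `PostCreator#setup_post` uses, so the security fix lives in two call sites that can drift apart. Consider moving the trailing strip into `TextCleaner` (either inside `normalize_whitespaces` or as a small helper next to it) and calling that from both classes, so a later edit to one path cannot bring back `gsub(/\s+\z/, "")` unnoticed. The `raw.present? ? ... : ""` guard here also differs from the `@opts[:raw] || ''` guard in `setup_post`: a whitespace-only string returns `""` through either path, but only this one skips `normalize_whitespaces` for it, and a shared helper would make that equivalence explicit.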