mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 15:16:08 +08:00
SECURITY: use rstrip instead of regex gsub to prevent ReDOS (#19737)
`rstrip` implementation is much more performant than regex

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
parent
83944213b2
commit
918dd4d635
|
@ -514,7 +514,7 @@ class PostCreator
|
|||
end
|
||||
|
||||
def setup_post
|
||||
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').gsub(/\s+\z/, "")
|
||||
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').rstrip
|
||||
|
||||
post = Post.new(raw: @opts[:raw],
|
||||
topic_id: @topic.try(:id),
|
||||
|
|
|
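Review bot: On the changed `@opts[:raw] = ...` line in `setup_post`, `String#rstrip` is not an exact equivalent of `gsub(/\s+\z/, "")`, because it also removes trailing NUL characters, which `\s` does not match. That is very likely fine for post bodies, but no spec is visible in this change: please add one that pins the trailing-whitespace behaviour (trailing spaces and newlines removed, interior whitespace kept) and that includes a long whitespace run followed by a non-whitespace character, the input shape on which the old regex backtracks.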
@ -274,7 +274,7 @@ class PostRevisor
|
|||
end
|
||||
|
||||
def cleanup_whitespaces(raw)
|
||||
raw.present? ? TextCleaner.normalize_whitespaces(raw).gsub(/\s+\z/, "") : ""
|
||||
raw.present? ? TextCleaner.normalize_whitespaces(raw).rstrip : ""
|
||||
end
|
||||
|
||||
def should_revise?
|
||||
|
|
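Review bot: `cleanup_whitespaces` in `PostRevisor` now repeats the same `TextCleaner.normalize_whitespaces(...).rstrip` chain as `PostCreator#setup_post`, so the security fix lives in two places that can drift apart. Consider moving the trailing strip into one shared helper that both call sites use, and add a short comment there saying `rstrip` is used deliberately instead of `/\s+\z/` to avoid ReDoS, so a later cleanup does not reintroduce the regex.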