SECURITY: use rstrip instead of regex gsub to prevent ReDOS (#19738)

`rstrip` implementation is much more performant than regex

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
Alan Guo Xiang Tan 2023-01-05 08:51:33 +08:00 committed by GitHub
parent 4bf306f0e3
commit fae0cd9f54
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions

@ -549,7 +549,7 @@ class PostCreator
end
def setup_post
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').gsub(/\s+\z/, "")
@opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').rstrip
post = Post.new(raw: @opts[:raw],
topic_id: @topic.try(:id),
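
Review bot: on the changed line in `setup_post`, `rstrip` is not an exact equivalent of `gsub(/\s+\z/, "")`: Ruby's `rstrip` also removes trailing NUL characters, which `\s` does not match. That is probably the desired result for post bodies, but the commit touches 2 files with 2 additions and 2 deletions, so no spec accompanies it. Consider adding a `PostCreator` spec that asserts a raw ending in mixed whitespace (spaces, tabs, newlines) is stored without it, and one with a long whitespace run in the middle of the raw to guard against the slow regex path returning.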

@ -258,7 +258,7 @@ class PostRevisor
end
def cleanup_whitespaces(raw)
raw.present? ? TextCleaner.normalize_whitespaces(raw).gsub(/\s+\z/, "") : ""
raw.present? ? TextCleaner.normalize_whitespaces(raw).rstrip : ""
end
def should_revise?
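
Review bot: `cleanup_whitespaces` repeats the same `TextCleaner.normalize_whitespaces(...).rstrip` chain that `PostCreator#setup_post` uses, which is why this fix had to be applied in two places. Consider moving the trailing strip into one shared helper (for example alongside `normalize_whitespaces` in `TextCleaner`) and calling it from both classes, so a later change to the stripping rule cannot leave one of the two paths on a different or slower implementation.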