Merge pull request #562 from Martii/emptyCommentingCheck

Prevent empty spaced commenting and topics

Auto-merge

Author: Martii

controllers/discussion.js

@@ -362,7 +362,9 @@ function postTopic(aUser, aCategory, aTopic, aContent, aIssue, aCallback) {
   var params = { sort: {} };
   params.sort.duplicateId = -1;
 
-  if (!urlTopic) { aCallback(null); }
+  if (!urlTopic) {
+    aCallback(null);
+  }
 
   Discussion.findOne({ path: path }, null, params, function (aErr, aDiscussion) {
     var newDiscussion = null;
@@ -414,8 +416,9 @@ exports.createTopic = function (aReq, aRes, aNext) {
   var content = aReq.body['comment-content'];
 
   var category = _.findWhere(categories, { slug: categorySlug });
-  if (!category)
+  if (!category) {
     return aNext();
+  }
 
   //
   var options = {};
@@ -428,7 +431,14 @@ exports.createTopic = function (aReq, aRes, aNext) {
   if (!category.canUserPostTopic(authedUser)) {
     return statusCodePage(aReq, aRes, aNext, {
       statusCode: 403,
-      statusMessage: 'You cannot post a topic to this category',
+      statusMessage: 'You cannot post a topic to this category'
+    });
+  }
+
+  if ((!topic || !topic.trim()) || (!content || !content.trim())) {
+    return statusCodePage(aReq, aRes, aNext, {
+      statusCode: 403,
+      statusMessage: 'You cannot post an empty discussion topic to this category'
     });
   }
 
@@ -447,14 +457,25 @@ exports.createComment = function (aReq, aRes, aNext) {
   var authedUser = aReq.session.user;
   var content = aReq.body['comment-content'];
 
-  if (!authedUser) { return aNext(); }
+  if (!authedUser) {
+    return aNext();
+  }
 
-  findDiscussion(category, topic, function (discussion) {
-    if (!discussion) { return aNext(); }
+  findDiscussion(category, topic, function (aDiscussion) {
+    if (!aDiscussion) {
+      return aNext();
+    }
+
+    if (!content || !content.trim()) {
+      return statusCodePage(aReq, aRes, aNext, {
+        statusCode: 403,
+        statusMessage: 'You cannot post an empty comment to this discussion'
+      });
+    }
 
-    postComment(authedUser, discussion, content, false, function (err, discussion) {
-      aRes.redirect(encodeURI(discussion.path
-        + (discussion.duplicateId ? '_' + discussion.duplicateId : '')));
+    postComment(authedUser, aDiscussion, content, false, function (aErr, aDiscussion) {
+      aRes.redirect(encodeURI(aDiscussion.path
+        + (aDiscussion.duplicateId ? '_' + aDiscussion.duplicateId : '')));
     });
   });
 };

controllers/issue.js

@@ -19,6 +19,7 @@ var scriptStorage = require('./scriptStorage');
 var discussionLib = require('./discussion');
 var execQueryTask = require('../libs/tasks').execQueryTask;
 var countTask = require('../libs/tasks').countTask;
+var statusCodePage = require('../libs/templateHelpers').statusCodePage;
 var pageMetadata = require('../libs/templateHelpers').pageMetadata;
 var orderDir = require('../libs/templateHelpers').orderDir;
 
@@ -284,6 +285,14 @@ exports.open = function (aReq, aRes, aNext) {
     options.category = category;
 
     if (topic && content) {
+      if (!topic.trim() || !content.trim()) {
+        return statusCodePage(aReq, aRes, aNext, {
+          statusCode: 403,
+          statusMessage: 'You cannot post an empty issue topic to this ' +
+            (type === 'libs' ? 'library' : 'script')
+        });
+      }
+
       // Issue Submission
       discussionLib.postTopic(authedUser, category.slug, topic, content, true,
         function (aDiscussion) {
@@ -315,12 +324,23 @@ exports.comment = function (aReq, aRes, aNext) {
 
   Script.findOne({ installName: scriptStorage.caseInsensitive(installName
     + (type === 'libs' ? '.js' : '.user.js')) }, function (aErr, aScript) {
-      var content = aReq.body['comment-content'];
+    var content = aReq.body['comment-content'];
 
-    if (aErr || !aScript) { return aNext(); }
+    if (aErr || !aScript) {
+      return aNext();
+    }
+
+    if (!content || !content.trim()) {
+      return statusCodePage(aReq, aRes, aNext, {
+        statusCode: 403,
+        statusMessage: 'You cannot post an empty comment to this issue'
+      });
+    }
 
     discussionLib.findDiscussion(category, topic, function (aIssue) {
-      if (!aIssue) { return aNext(); }
+      if (!aIssue) {
+        return aNext();
+      }
 
       discussionLib.postComment(authedUser, aIssue, content, false,
         function (aErr, aDiscussion) {

views/includes/commentForm.html

@@ -2,8 +2,8 @@
   <form action="{{{discussion.discussionPageUrl}}}" method="post">
     <div class="container-fluid row user-content">
       <div class="submit-panel pull-right btn-toolbar">
-        <button class="btn btn-sm btn-success" type="submit"><i class="fa fa-reply"></i> Reply</button>
         <button class="btn btn-sm btn-danger" type="button" data-toggle="collapse" data-target="#reply-control"><i class="fa fa-close"></i> Cancel</button>
+        <button class="btn btn-sm btn-success" type="submit"><i class="fa fa-reply"></i> Reply</button>
       </div>
       <textarea name="comment-content" data-provide="markdown" data-iconlibrary="fa" class="col-xs-12" placeholder="Type here using Markdown."></textarea>
     </div>