Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity

Filter options passed to toJSON

Browse source 
fixes #5177

- we now pass API/model options directly to toJSON, which is unsafe as these options haven't always been filtered before they are passed.
- this fix adds a filter so that toJSON only uses the options it needs
- additionally, rename the 'name' option to something more specific to prevent clashes
This commit is contained in:
Hannah Wolfe 2015-04-22 20:20:27 +01:00
parent d480ee4912
commit 32125c2f46
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/server/models/base.js
View file

@ -138,6 +138,7 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
var attrs = _.extend({}, this.attributes),
self = this;
options = options || {};
options = _.pick(options, ['shallow', 'baseKey', 'include', 'context']);
if (options && options.shallow) {
return attrs;
@ -150,9 +151,9 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
_.each(this.relations, function (relation, key) {
if (key.substring(0, 7) !== '_pivot_') {
// if include is set, expand to full object
var fullKey = _.isEmpty(options.name) ? key : options.name + '.' + key;
var fullKey = _.isEmpty(options.baseKey) ? key : options.baseKey + '.' + key;
if (_.contains(self.include, fullKey)) {
attrs[key] = relation.toJSON(_.extend({}, options, {name: fullKey, include: self.include}));
attrs[key] = relation.toJSON(_.extend({}, options, {baseKey: fullKey, include: self.include}));
}
}
});