Merge branch 'release/1.0'

@@ -5,6 +5,7 @@
  */
 
 'use strict';
+
 const mcHandler = require('../models/menu-crumb-handler');
 const helpers = global.yoho.helpers;
 const settingModel = require('../models/setting');
@@ -81,26 +82,27 @@ const index = (req, res, next) => {
 
     Promise.all([settingModel.getUserInfo(uid), mcHandler.getMeThumb()]).then(result => {
         const thumb = result[1];
+        let user = result[0];
 
-        result[0].info.gender ? result[0].genders[result[0].info.gender - 1].checked = true :
-            result[0].genders[2].checked = true;
-        result[0].info.head_ico = result[0].info.head_ico ? helpers.image(result[0].info.head_ico, 400, 300, 2) : '';
-        result[0].info.mobile = result[0].info.mobile ? result[0].info.mobile.replace(regMobile, '$1****$2') : '';
-        result[0].stepUrl = '/me/setting/step1';
-        if (result[0].info.birthday) {
-            let a = result[0].info.birthday.split('-');
+        user.info.gender ? user.genders[user.info.gender - 1].checked = true :
+            user.genders[2].checked = true;
+        user.info.head_ico = user.info.head_ico ? helpers.image(user.info.head_ico, 400, 300, 2) : '';
+        user.info.mobile = user.info.mobile ? user.info.mobile.replace(regMobile, '$1****$2') : '';
+        user.stepUrl = '/me/setting/step1';
+        if (user.info.birthday) {
+            let a = user.info.birthday.split('-');
 
-            _.forEach(result[0].date.selectYear, function(x) {
+            _.forEach(user.date.selectYear, function(x) {
                 if (x.value === a[0]) {
                     x.isSelected = 'selected';
                 }
             });
-            _.forEach(result[0].date.selectMonth, function(x) {
+            _.forEach(user.date.selectMonth, function(x) {
                 if (parseInt(x.value, 10) === parseInt(a[1], 10)) {
                     x.isSelected = 'selected';
                 }
             });
-            _.forEach(result[0].date.selectDay, function(x) {
+            _.forEach(user.date.selectDay, function(x) {
                 if (parseInt(x.value, 10) === parseInt(a[2], 10)) {
                     x.isSelected = 'selected';
                 }
@@ -117,7 +119,8 @@ const index = (req, res, next) => {
                 banner: thumb,
                 setting: true,
                 title: '个人设置',
-                userInfo: result[0]
+                userInfo: user,
+                _token: req.csrfToken()
             }
         });
     }).catch(next);

@@ -9,7 +9,9 @@
 const router = require('express').Router(); // eslint-disable-line
 const cRoot = './controllers';
 const auth = require(`${global.middleware}/auth`);
+const csurf = require('csurf');
 
+const csrf = csurf();
 
 // 订单
 const order = require(`${cRoot}/order`);
@@ -60,8 +62,8 @@ router.get('/address/areas/:areaId', address.getAddressData);
 router.get('/currency', auth, currency.index);
 
 // 个人中心首页/个人设置
-router.get('/setting', auth, setting.index);// 个人首页
-router.post('/setting/editUserInfo', auth, setting.editUserInfo);// 修改接口
+router.get('/setting', csrf, auth, setting.index);// 个人首页
+router.post('/setting/editUserInfo', csrf, auth, setting.editUserInfo);// 修改接口
 
 // 第一步
 router.get('/setting/step1/:type', auth, setting.bindMobile, setting.bindEmail, setting.modifyPassword);

 <form id="setting-form" name="setting-form">
+    <input id="scrfToken" name="_csrf" type="hidden" value="{{_token}}">
     {{#userInfo}}
         <div class="setting-page inline-block">
             <input id="gender" type="hidden" value="{{info.gender}}">

@@ -9,7 +9,7 @@
             <div>
                 尊敬的{{mobile}}，恭喜您已经成为YOHO!BLK会员！即刻您可以开启时尚购物之旅！
             </div>
-            <a class="btn btn-fixed-height success-btn" href="{{goShopping}}" data-url="{{goUrl}}">开始购物</a>
+            <a class="btn btn-fixed-height success-btn" href="{{xssURI goShopping}}" data-url="{{goUrl}}">开始购物</a>
         </div>
     {{/ passport}}
 </div>

@@ -9,12 +9,18 @@
 module.exports = () => {
     return (req, res, next) => {
         let isMobile = /(nokia|iphone|android|ipad|motorola|^mot\-|softbank|foma|docomo|kddi|up\.browser|up\.link|htc|dopod|blazer|netfront|helio|hosin|huawei|novarra|CoolPad|webos|techfaith|palmsource|blackberry|alcatel|amoi|ktouch|nexian|samsung|^sam\-|s[cg]h|^lge|ericsson|philips|sagem|wellcom|bunjalloo|maui|symbian|smartphone|midp|wap|phone|windows ce|iemobile|^spice|^bird|^zte\-|longcos|pantech|gionee|^sie\-|portalmmm|jig\s browser|hiptop|^ucweb|^benq|haier|^lct|opera\s*mobi|opera\*mini|320x320|240x320|176x220)/i.test(req.get('user-agent')); // eslint-disable-line
+        let isWechat = /(MicroMessenger)/i.test(req.get('user-agent')); // eslint-disable-line
+
+
+        if (isMobile && req.url === '/') {
+            return res.redirect('//www.yohoshow.com/about/index/blkqr');
+        }
 
         if (isMobile) {
-            // return res.redirect(`//m.yohobuy.com${req.url}`);
             // http://jira.yoho.cn:8888/browse/BLK-2051
-            return res.redirect('//www.yohoshow.com/about/index/blkqr');
+            return res.redirect(`//m.yohoblk.com${req.url}`);
         }
+
         next();
     };
 };

@@ -37,6 +37,7 @@
     "connect-memcached": "^0.2.0",
     "connect-multiparty": "^2.0.0",
     "cookie-parser": "^1.4.3",
+    "csurf": "^1.9.0",
     "express": "^4.13.1",
     "express-handlebars": "^3.0.0",
     "express-session": "^1.13.0",
@@ -61,7 +62,8 @@
     "uuid": "^2.0.2",
     "winston": "^2.2.0",
     "winston-daily-rotate-file": "^1.1.4",
-    "yoho-node-lib": "0.0.39"
+    "xss": "^0.2.13",
+    "yoho-node-lib": "0.0.45"
   },
   "devDependencies": {
     "autoprefixer": "^6.3.6",

@@ -11,7 +11,7 @@ var addr;
 
 var addressReg = /^[\s\S]{2,100}$/;
 var phoneReg = /^(13[0-9]|15[012356789]|17[678]|18[0-9]|14[57])[0-9]{8}$/;
-
+var mobDefault = $('#mob').val();// 手机号默认值
 var validate = require('./order/validation');
 
 var imgBoxTpl = require('../../tpl/me/thumbnail.hbs');
@@ -42,6 +42,13 @@ var validateMap = {
             reg: phoneReg,
             errMsg: '您输入的联系电话格式不正确'
         }
+    },
+    mob1: {
+        sl: '#mob',
+        v: {
+            reg: /^(13[0-9]|15[012356789]|17[678]|18[0-9]|14[57])[0-9, *]{8}$/,
+            errMsg: '您输入的联系电话格式不正确'
+        }
     }
 };
 
@@ -259,9 +266,16 @@ function validateData() {
 
     $inputs.each(function(idx, input) {
         var k = input.id;
+        var v = null;
 
         if (k && validateMap[k]) {
-            if (!validate.start(validateMap[k].sl, validateMap[k].v)) {
+            v = validateMap[k];
+
+            if (validateMap[k].sl === '#mob' && mobDefault === $(this).val()) {
+                v = validateMap.mob1;
+            }
+
+            if (!validate.start(v.sl, v.v)) {
                 pass = false;
             }
         }
@@ -346,9 +360,15 @@ function bindConfirmEvent() {
 function bindBlurEvent() {
     $('.express-info-box .require input').on('blur', function() {
         var $this = $(this);
-        var v = validateMap[this.id];
+        var v = null;
+
+        if ($this.val().length > 0 && validateMap[this.id]) {
+            v = validateMap[this.id];
+
+            if (v.sl === '#mob' && mobDefault === $(this).val()) {
+                v = validateMap.mob1;
+            }
 
-        if ($this.val().length > 0) {
             validate.start(v.sl, v.v);
         }
     });

@@ -158,6 +158,7 @@ $(function() {
         var area = address.getAreaIds();
 
         var body = {
+            _csrf: $('#scrfToken').val(),
             nick_name: $('#nick_name').val(),
             username: $('#username').val(),
             gender: $('#gender').val(),

@@ -7,7 +7,8 @@
 var $ = require('yoho-jquery'),
     cascadingAddress = require('../../plugins/cascading-address'),
     common = require('../../common'),
-    popup = require('../../plugins/dialog');
+    popup = require('../../plugins/dialog'),
+    xss = require('xss');
 
 var $receiver = $('#receiver');
 
@@ -146,7 +147,9 @@ function validateAddress($el, isUpdate) {
 
 // 更新收货信息：姓名，手机号码，区域，详细
 function receiver(ad) {
-    $receiver.html(ad.consignee + ' ' + ad.mobile + ' ' + ad.area + ' ' + ad.address);
+    var html = ad.consignee + ' ' + ad.mobile + ' ' + ad.area + ' ' + ad.address;
+
+    $receiver.html(xss(html));
 }
 
 // 地址弹窗Factory

@@ -315,7 +315,7 @@
             text-align: center;
             border: 2px solid #fff;
             cursor: pointer;
-            width: 289px;
+            width: 288px;
 
             .goods-brand {
                 padding: 10px 10px 4px;
@@ -379,7 +379,7 @@
             background: #fff;
             z-index: 2;
             top: 10px;
-            min-width: 383px;
+            min-width: 368px;
             display: none;
 
             .goods {
@@ -388,7 +388,7 @@
             }
 
             .goods-img-list {
-                margin: 0 7px 2px;
+                margin: 0 0 2px 5px;
                 float: left;
 
                 .goods-img-col {
@@ -399,7 +399,7 @@
                 }
 
                 .goods-img-col:last-child {
-                    margin-right: 10px;
+                    margin-right: 20px;
                 }
 
                 img {

 {{#each address}}
     <li class="address{{#isY is_default}} default{{/isY}}{{#if focus}} focus{{/if}}"
         data-id="{{address_id}}" data-name="{{consignee}}" data-mobile="{{mobile}}"
-        data-phone="{{phone}}" data-areacode="{{area_code}}" data-area="{{area}}"" data-address="{{address}}">
+        data-phone="{{phone}}" data-areacode="{{area_code}}" data-area="{{area}}" data-address="{{address}}">
         <div class="address-header"></div>
         <div class="address-content">
             <p class="default-or-not">
@@ -30,4 +30,4 @@
         <span class="iconfont">&#xe645;</span>
         增加收货地址
     </li>
-{{/if}}
\ No newline at end of file
+{{/if}}

@@ -27,7 +27,8 @@ shelljs.ls(path.join(__dirname, '/js/**/*.page.js')).forEach((f) => {
         'yoho-jquery-accordion',
         'yoho-jquery-nanoscroller',
         'yoho-jquery-placeholder',
-        'yoho-jquery-dotdotdot'
+        'yoho-jquery-dotdotdot',
+        'xss'
     ];
 });