From fae0cd9f547a1357422b8779e1a132626a09c19b Mon Sep 17 00:00:00 2001
From: Alan Guo Xiang Tan
Date: Thu, 5 Jan 2023 08:51:33 +0800
Subject: [PATCH] SECURITY: use rstrip instead of regex gsub to prevent ReDOS (#19738)

`rstrip` implementation is much more performant than regex

Co-authored-by: Krzysztof Kotlarek
---
 lib/post_creator.rb | 2 +-
 lib/post_revisor.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/post_creator.rb b/lib/post_creator.rb
index 3bedd2a1d1..b7e19b0395 100644
--- a/lib/post_creator.rb
+++ b/lib/post_creator.rb
@@ -549,7 +549,7 @@ class PostCreator
 end
 def setup_post
- @opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').gsub(/\s+\z/, "")
+ @opts[:raw] = TextCleaner.normalize_whitespaces(@opts[:raw] || '').rstrip
 post = Post.new(raw: @opts[:raw], topic_id: @topic.try(:id),
diff --git a/lib/post_revisor.rb b/lib/post_revisor.rb
index f3b8aa7333..66a9a4d598 100644
--- a/lib/post_revisor.rb
+++ b/lib/post_revisor.rb
@@ -258,7 +258,7 @@ class PostRevisor
 end
 def cleanup_whitespaces(raw)
- raw.present? ? TextCleaner.normalize_whitespaces(raw).gsub(/\s+\z/, "") : ""
+ raw.present? ? TextCleaner.normalize_whitespaces(raw).rstrip : ""
 end
 def should_revise?
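Review bot: The new `.rstrip` call in `setup_post` has no comment explaining why a regex is avoided, so a later refactor could put `gsub(/\s+\z/, "")` back and reintroduce the slow path on post bodies with long whitespace runs. I would add `# rstrip, not a /\s+\z/ gsub: the regex degrades badly on long whitespace runs in user-supplied raw (ReDoS)` above the assignment, and the same above `cleanup_whitespaces` in lib/post_revisor.rb. The diffstat lists only the two lib files, so a regression spec that feeds a raw with a large interior whitespace run and checks the trimmed result would be worth adding. `setup_post` continues past the end of the hunk.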
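Review bot: `rstrip` is not an exact replacement for `gsub(/\s+\z/, "")` in `cleanup_whitespaces`: String#rstrip also removes trailing null characters, which `\s` does not match. A revised raw ending in NUL bytes is therefore trimmed further than before; that is probably harmless, but whether `TextCleaner.normalize_whitespaces` already removes NULs is not visible in this patch. A one-line comment such as `# rstrip also drops trailing NUL bytes, unlike the old /\s+\z/` would record the difference. The same applies to the `setup_post` change in lib/post_creator.rb.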