fatchan
/
jschan
mirror of https://gitgud.io/fatchan/jschan.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

reject invalid arrays for parsed post body

Browse Source
merge-requests/208/head
fatchan 5 years ago
parent 860044fba8
commit f7ba9bda75
1 changed files with 15 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      helpers/paramconverter.js

16
helpers/paramconverter.js
Unescape View File

@ -1,9 +1,23 @@
'use strict';
const Mongo = require(__dirname+'/../db/db.js');
const Mongo = require(__dirname+'/../db/db.js')
, allowedArrays = new Set(['checkedposts', 'globalcheckedposts', 'checkedbans'])
module.exports = (req, res, next) => {
const bodyfields = Object.keys(req.body);
for (let i = 0; i < bodyfields.length; i++) {
const key = bodyfields[i];
const val = req.body[key];
if (!allowedArrays.has(key) && Array.isArray(val)) {
//this is an array from malformed input, deny it.
return res.status(400).render('message', {
'title': 'Bad request',
'message': 'Malformed input'
});
}
}
//convert to numbers of mongoIds for action routes
if (req.body.checkedposts) {
req.body.checkedposts = req.body.checkedposts.map(Number);

Write Preview
Loading…
Cancel
Save