Fix parameter sanitization

TristanDamron · TristanDamron · commit 5d705edaed66 · 2024-11-27T21:42:05.000-08:00
diff --git a/src/index.js b/src/index.js
@@ -27,7 +27,7 @@ app.get("/registry", async (req, res) => {
 })
 
 app.post("/registry", async (req, res) => {
-    const keyVal = await sanitizeString(key(req.body))
+    const keyVal = await key(req.body)
     const urlVal = sanitizeString(url(req.body))
     const titleVal = sanitizeString(checkForBannedWords(req.body, "title"))
     const descriptionVal = sanitizeString(checkForBannedWords(req.body, "description"))
diff --git a/src/utils.js b/src/utils.js
@@ -16,8 +16,9 @@ export function orderBy(body) {
 }
 
 export async function key(body) {
-    const keyVal = body.hasOwnProperty("key") ? body["key"] : ""
+    const keyVal = body.hasOwnProperty("key") ? sanitizeString(body["key"]) : ""
     if ((await db.result(`SELECT * FROM users WHERE key = '${keyVal}'`, null, r => r.rowCount)) === 0) return ""
+    return keyVal
 }
 
 export function searchByTag(body) {

Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,9 @@ export function orderBy(body) {`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`export async function key(body) {`
`19`		`- const keyVal = body.hasOwnProperty("key") ? body["key"] : ""`
	`19`	`+ const keyVal = body.hasOwnProperty("key") ? sanitizeString(body["key"]) : ""`
`20`	`20`	if ((await db.result(`SELECT * FROM users WHERE key = '${keyVal}'`, null, r => r.rowCount)) === 0) return ""
	`21`	`+ return keyVal`
`21`	`22`	`}`
`22`	`23`
`23`	`24`	`export function searchByTag(body) {`