#38 Sanatized user input
parent
ccacbbf5c4
commit
d652c3ba15
|
@ -1,6 +1,7 @@
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
const slug = require('slug'),
|
const slug = require('slug'),
|
||||||
|
xss = require('xss'),
|
||||||
mw = require('../middleware.js'),
|
mw = require('../middleware.js'),
|
||||||
User = require('../models/user.js'),
|
User = require('../models/user.js'),
|
||||||
router = require('express').Router();
|
router = require('express').Router();
|
||||||
|
@ -26,8 +27,8 @@ router.route('/settings').all(mw.ensureAuth, function(req,res,next){
|
||||||
// Set new settings
|
// Set new settings
|
||||||
.post(function(req,res,next){
|
.post(function(req,res,next){
|
||||||
User.findByIdAndUpdate(req.session.passport.user, {$set:{
|
User.findByIdAndUpdate(req.session.passport.user, {$set:{
|
||||||
name: req.body.name,
|
name: xss(req.body.name),
|
||||||
slug: slug(req.body.slug),
|
slug: slug(xss(req.body.slug)),
|
||||||
email: req.body.email,
|
email: req.body.email,
|
||||||
settings: {
|
settings: {
|
||||||
units: req.body.units,
|
units: req.body.units,
|
||||||
|
|
|
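Review bot: `email: req.body.email` and `units: req.body.units` in the same `$set` are still written exactly as submitted; only `name` and `slug` pass through `xss()`. If those fields are ever rendered into a page, they remain open to the stored-markup problem this commit closes for the other two. A check against an address format for `email` and against the fixed list of accepted values for `units` would fit better than HTML filtering; until then a marker such as `// TODO: validate email format and restrict units to known values before saving` above the `$set` would record the gap. Filtering at write time also does not replace output encoding in the templates, and the `xss()` call inside `slug(xss(req.body.slug))` is probably redundant if `slug()` already reduces its input to URL-safe characters. The `$set` object continues past the end of the hunk, so any further settings fields should be checked the same way.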
@ -35,7 +35,7 @@
|
||||||
"supertest": "^1.2.0"
|
"supertest": "^1.2.0"
|
||||||
},
|
},
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"tests": "mocha test.js",
|
"test": "mocha test.js",
|
||||||
"start": "node server.js",
|
"start": "node server.js",
|
||||||
"dev": "nodemon server.js",
|
"dev": "nodemon server.js",
|
||||||
"deploy": "ssh khp deploy-tracman",
|
"deploy": "ssh khp deploy-tracman",
|
||||||
|
|