#38 Sanatized user input

master
Keith Irwin 2017-03-18 14:58:18 -04:00
parent ccacbbf5c4
commit d652c3ba15
No known key found for this signature in database
GPG Key ID: 378933C743E2BBC0
2 changed files with 4 additions and 3 deletions


@ -1,6 +1,7 @@
'use strict'; 'use strict';
const slug = require('slug'), const slug = require('slug'),
xss = require('xss'),
mw = require('../middleware.js'), mw = require('../middleware.js'),
User = require('../models/user.js'), User = require('../models/user.js'),
router = require('express').Router(); router = require('express').Router();
@ -26,8 +27,8 @@ router.route('/settings').all(mw.ensureAuth, function(req,res,next){
// Set new settings // Set new settings
.post(function(req,res,next){ .post(function(req,res,next){
User.findByIdAndUpdate(req.session.passport.user, {$set:{ User.findByIdAndUpdate(req.session.passport.user, {$set:{
name: req.body.name, name: xss(req.body.name),
slug: slug(req.body.slug), slug: slug(xss(req.body.slug)),
email: req.body.email, email: req.body.email,
settings: { settings: {
units: req.body.units, units: req.body.units,
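Review bot: `email` and `units` in the `$set` object are still written straight from `req.body`, so the new `xss()` calls cover only two of the fields visible here. Before the update, it is worth rejecting non-string values (for example `typeof req.body.email !== 'string'`), validating the email format, and restricting `units` to the values the app actually supports. Filtering with `xss()` at write time protects only data that passes through this route, so the views that render `name` and `slug` should still escape on output. `xss()` may also turn a missing `name` into an empty string and overwrite the stored value, which should be confirmed against the library's behaviour. The `$set` object continues past the end of this hunk, so the remaining settings fields need the same check.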


@ -35,7 +35,7 @@
"supertest": "^1.2.0" "supertest": "^1.2.0"
}, },
"scripts": { "scripts": {
"tests": "mocha test.js", "test": "mocha test.js",
"start": "node server.js", "start": "node server.js",
"dev": "nodemon server.js", "dev": "nodemon server.js",
"deploy": "ssh khp deploy-tracman", "deploy": "ssh khp deploy-tracman",