mirror of https://github.com/calzoneman/sync.git
Merge pull request #466 from Poniverse/3.0
Sanitized output of channel name in invalid channel
commit
193385c88c
|
@ -15,6 +15,7 @@ var static = require("serve-static");
|
||||||
var morgan = require("morgan");
|
var morgan = require("morgan");
|
||||||
var session = require("../session");
|
var session = require("../session");
|
||||||
var csrf = require("./csrf");
|
var csrf = require("./csrf");
|
||||||
|
var XSS = require("../xss");
|
||||||
|
|
||||||
const LOG_FORMAT = ':real-address - :remote-user [:date] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent"';
|
const LOG_FORMAT = ':real-address - :remote-user [:date] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent"';
|
||||||
morgan.token('real-address', function (req) { return req._ip; });
|
morgan.token('real-address', function (req) { return req._ip; });
|
||||||
|
@ -76,7 +77,7 @@ function redirectHttp(req, res) {
|
||||||
function handleChannel(req, res) {
|
function handleChannel(req, res) {
|
||||||
if (!$util.isValidChannelName(req.params.channel)) {
|
if (!$util.isValidChannelName(req.params.channel)) {
|
||||||
res.status(404);
|
res.status(404);
|
||||||
res.send("Invalid channel name '" + req.params.channel + "'");
|
res.send("Invalid channel name '" + XSS.sanitizeText(req.params.channel) + "'");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
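Review bot: The 404 branch in handleChannel still sends its body with Express's default `text/html` content type, so the response is only safe if `XSS.sanitizeText` entity-encodes every HTML-significant character; its implementation is not visible here and should be confirmed. Since the message is plain text anyway, adding `res.type("text/plain");` before the `res.send(...)` call would stop the reflected `req.params.channel` from being parsed as markup, whatever the escaping helper does. A short comment above the send, such as `// channel name comes from the URL path and is untrusted; escape before reflecting`, would record why the call is there. handleChannel's body continues outside the hunk, so any later use of `req.params.channel` is not covered by this review.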