moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #466 from Poniverse/3.0 

Sanitized output of channel name in invalid channel
This commit is contained in:
Calvin Montgomery 2015-04-18 22:57:53 -05:00
parent 4a7e478f37 36290dfd5e
commit 193385c88c
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/web/webserver.js
View File

@ -15,6 +15,7 @@ var static = require("serve-static");
var morgan = require("morgan");
var session = require("../session");
var csrf = require("./csrf");
var XSS = require("../xss");
const LOG_FORMAT = ':real-address - :remote-user [:date] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent"';
morgan.token('real-address', function (req) { return req._ip; });
@ -76,7 +77,7 @@ function redirectHttp(req, res) {
function handleChannel(req, res) {
if (!$util.isValidChannelName(req.params.channel)) {
res.status(404);
res.send("Invalid channel name '" + req.params.channel + "'");
res.send("Invalid channel name '" + XSS.sanitizeText(req.params.channel) + "'");
return;
}