From b9e465b714e7d94d7499335516f470bf27f1650e Mon Sep 17 00:00:00 2001
From: calzoneman
Date: Sat, 27 Jul 2013 10:11:31 -0400
Subject: [PATCH] Fix URI encoding on register/login, also fix database escape bug
---
 api.js | 11 +++++++----
 database.js | 5 +++++
 www/assets/js/account.js | 38 ++++++++++++++++++++------------------
 www/assets/js/acp.js | 3 ++-
 www/channellist.html | 5 +++--
 www/login.html | 4 +++-
 6 files changed, 40 insertions(+), 26 deletions(-)
diff --git a/api.js b/api.js
index 6d5bf869..7b9c38e8 100644
--- a/api.js
+++ b/api.js
@@ -235,7 +235,7 @@ module.exports = function (Server) {
 handlePasswordReset: function (params, req, res) {
 var name = params.name || "";
- var email = unescape(params.email || "");
+ var email = params.email || "";
 var ip = getIP(req);
 var hash = false;
@@ -353,8 +353,11 @@ module.exports = function (Server) {
 var name = params.name || "";
 var pw = params.pw || "";
 var session = params.session || "";
- var img = unescape(params.profile_image || "");
- var text = unescape(params.profile_text || "");
+ var img = params.profile_image || "";
+ var text = params.profile_text || "";
+ console.log(name);
+ console.log(img);
+ console.log(text);
 var row = Auth.login(name, pw, session);
 if(!row) {
@@ -394,7 +397,7 @@ module.exports = function (Server) {
 handleEmailChange: function (params, req, res) {
 var name = params.name || "";
 var pw = params.pw || "";
- var email = unescape(params.email) || "";
+ var email = params.email || "";
 // perhaps my email regex isn't perfect, but there's no freaking way
 // I'm implementing this monstrosity:
 //
diff --git a/database.js b/database.js
index 3901a3d9..f1068610 100644
--- a/database.js
+++ b/database.js
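Review bot: The three `console.log` calls added after `var text = params.profile_text || "";` in the second hunk look like debugging leftovers: they write the submitted name, profile image URL and profile text verbatim to the server's stdout on every profile save, which fills the log with user-controlled, possibly multi-line content and serves no error-handling purpose. Delete `console.log(name);`, `console.log(img);` and `console.log(text);` before merging; if request tracing is wanted, log only the name at a debug level. The enclosing handler starts before and ends after this hunk.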
@@ -86,6 +86,11 @@ function createQuery(template, args) {
 var idx = template.indexOf("?", last);
 var arg = args.shift();
 arg = sqlEscape(arg);
+ // Stupid workaround because even if I call replace() with a string
+ // and not a regex, '$' still holds special meaning
+ // this actually replaces '$' with '$$'
+ // What the hell, Javascript?
+ arg = arg.replace(/\$/g, "$$$$");
 var first = template.substring(0, idx);
 template = first + template.substring(idx).replace("?", arg);
 last = idx + arg.length;
diff --git a/www/assets/js/account.js b/www/assets/js/account.js
index 3677778e..391f4f31 100644
--- a/www/assets/js/account.js
+++ b/www/assets/js/account.js
@@ -15,7 +15,8 @@ var api = WEB_URL + "/api/json/";
 var loggedin = false;
 if(uname && session) {
- var loginstr = "name=" + uname + "&session=" + session;
+ var loginstr = "name=" + encodeURIComponent(uname) +
+ "&session=" + session;
 var url = api + "login?" + loginstr + "&callback=?";
 $.getJSON(url, function(data) {
 if(data.success) {
@@ -56,7 +57,7 @@ $("#email").click(makeTabCallback("#email", "#changeemailpane"));
 $("#profile").click(makeTabCallback("#profile", "#profilepane"));
 $("#profile").click(function() {
 if(uname != "") {
- $.getJSON(api + "getprofile?name=" + uname + "&callback=?", function(data) {
+ $.getJSON(api + "getprofile?name=" + encodeURIComponent(uname) + "&callback=?", function(data) {
 if(data.success) {
 $("#profiletext").val(data.profile_text);
 $("#profileimg").val(data.profile_image);
@@ -107,8 +108,8 @@ $("#registerbtn").click(function() {
 // Input valid, try registering
 var url = api + "register?" + [
- "name=" + name,
- "pw=" + pw
+ "name=" + encodeURIComponent(name),
+ "pw=" + encodeURIComponent(pw)
 ].join("&") + "&callback=?";
 $.getJSON(url, function(data) {
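Review bot: `last = idx + arg.length` now measures the `$`-doubled string, but `.replace("?", arg)` inserts the original-length text (each `$$` collapses back to one `$`), so `last` overshoots by one per dollar sign in the argument and a `?` placeholder that immediately follows can be skipped on the next `indexOf`. A function replacer sidesteps the special `$` patterns entirely and keeps the length honest: `var escaped = sqlEscape(arg);` / `template = first + template.substring(idx).replace("?", function () { return escaped; });` / `last = idx + escaped.length;`, with the `$$$$` line removed. This still relies on `sqlEscape`, defined outside the hunk, being correct for the connection's character set; a driver-level parameterized query would remove that dependency altogether. createQuery continues outside the hunk.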
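Review bot: In the new `loginstr` only `uname` is encoded while `"&session=" + session` is still concatenated raw; the same asymmetry appears in the acp.js `AUTH` hunk, the channellist.html login hunk and the profilesave hunk's `"session=" + session`. If session values are always URL-safe characters this is harmless, but `"&session=" + encodeURIComponent(session)` costs nothing and keeps the query well-formed should the token format ever change.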
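Review bot: Encoding fixes the query syntax, but `"pw=" + encodeURIComponent(pw)` in the register hunk still places the plaintext password in the query string of a JSONP GET (`&callback=?`), where it lands in browser history, server access logs and any intermediary's logs; the login, changepass and setemail hunks in account.js, channellist.html and login.html do the same. That is pre-existing and outside this fix's scope, but it deserves a marker on the `var url =` line, e.g. `// TODO: send credentials in a POST body rather than the query string`.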
@@ -142,7 +143,8 @@ $("#loginbtn").click(function() {
 return;
 }
 uname = $("#loginusername").val();
- var loginstr = "name=" + uname + "&pw=" + $("#loginpw").val();
+ var loginstr = "name=" + encodeURIComponent(uname) +
+ "&pw=" + encodeURIComponent($("#loginpw").val());
 var url = api + "login?" + loginstr + "&callback=?";
 $.getJSON(url, function(data) {
 if(data.success) {
@@ -202,9 +204,9 @@ $("#cpwbtn").click(function() {
 // Input valid, try changing password
 var url = api + "changepass?" + [
- "name=" + name,
- "oldpw=" + oldpw,
- "newpw=" + newpw
+ "name=" + encodeURIComponent(name),
+ "oldpw=" + encodeURIComponent(oldpw),
+ "newpw=" + encodeURIComponent(newpw)
 ].join("&") + "&callback=?";
 $.getJSON(url, function(data) {
 if(data.success) {
@@ -253,11 +255,10 @@ $("#cebtn").click(function() {
 return;
 }
- email = escape(email);
 var url = api + "setemail?" + [
- "name=" + name,
- "pw=" + pw,
- "email=" + email
+ "name=" + encodeURIComponent(name),
+ "pw=" + encodeURIComponent(pw),
+ "email=" + encodeURIComponent(email)
 ].join("&") + "&callback=?";
 $.getJSON(url, function(data) {
 if(data.success) {
@@ -284,10 +285,9 @@ $("#rpbtn").click(function() {
 var name = $("#rpusername").val();
 var email = $("#rpemail").val();
- email = escape(email);
 var url = api + "resetpass?" + [
- "name=" + name,
- "email=" + email
+ "name=" + encodeURIComponent(name),
+ "email=" + encodeURIComponent(email)
 ].join("&") + "&callback=?";
 $.getJSON(url, function(data) {
 $("#rpbtn").text("Send Reset");
@@ -309,15 +309,17 @@ $("#profilesave").click(function() {
 $("#profilepane").find(".alert-error").remove();
 $("#profilepane").find(".alert-success").remove();
 var img = $("#profileimg").val();
+ /*
 img = escape(img).replace(/\//g, "%2F")
 .replace(/&/g, "%26")
 .replace(/=/g, "%3D")
 .replace(/\?/g, "%3F");
+ */
 var url = api + "setprofile?" + [
- "name=" + uname,
+ "name=" + encodeURIComponent(uname),
 "session=" + session,
- "profile_image=" + img,
- "profile_text=" + escape($("#profiletext").val())
+ "profile_image=" + encodeURIComponent(img),
+ "profile_text=" + encodeURIComponent($("#profiletext").val())
 ].join("&") + "&callback=?";
 $.getJSON(url, function(data) {
diff --git a/www/assets/js/acp.js b/www/assets/js/acp.js
index fd3c983d..e91d1fd8 100644
--- a/www/assets/js/acp.js
+++ b/www/assets/js/acp.js
@@ -332,7 +332,8 @@ function setupCallbacks() {
 CLIENT.logged_in = true;
 socket.emit("acp-init");
 if(SESSION) {
- AUTH = "name=" + CLIENT.name + "&session=" + SESSION;
+ AUTH = "name=" + encodeURIComponent(CLIENT.name) +
+ "&session=" + SESSION;
 createCookie("cytube_uname", CLIENT.name, 7);
 createCookie("cytube_session", SESSION, 7);
 }
diff --git a/www/channellist.html b/www/channellist.html
index 4b9c2942..12efb5f5 100644
--- a/www/channellist.html
+++ b/www/channellist.html
@@ -49,7 +49,7 @@ var uname = readCookie("cytube_uname") || "";
 var p = "";
 if(uname && session) {
- $.getJSON(WEB_URL+"/api/json/login?name="+uname+"&session="+session+"&callback=?", function(data) {
+ $.getJSON(WEB_URL+"/api/json/login?name="+encodeURIComponent(uname)+"&session="+session+"&callback=?", function(data) {
 if(data.success) {
 $(".loginform").remove();
 createCookie("cytube_uname", uname, 7);
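Review bot: The added `/*` and `*/` lines keep the old `escape(img)` replace chain as dead code inside the profilesave handler, even though `"profile_image=" + encodeURIComponent(img)` on the new side fully replaces it. Delete the four commented-out lines instead of fencing them off; version control already preserves the history, and a reader of this handler otherwise has to work out which of the two encodings is live. The click handler starts before and ends after this hunk.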
@@ -63,7 +63,8 @@ var q = "";
 $("#login").click(function() {
 uname = $("#name").val();
- q = "name=" + $("#name").val() + "&pw=" + $("#pw").val();
+ q = "name=" + encodeURIComponent($("#name").val()) +
+ "&pw=" + encodeURIComponent($("#pw").val());
 $.getJSON(WEB_URL+"/api/json/login?"+q+"&callback=?", function(data) {
 if(data.success) {
 $(".loginform").remove();
diff --git a/www/login.html b/www/login.html
index 6a3b086c..02fe6b72 100644
--- a/www/login.html
+++ b/www/login.html
@@ -66,7 +66,9 @@ window.addEventListener("message", respond, false);
 $("#login").click(function() {
- $.getJSON(WEB_URL+"/api/json/login?name="+$("#username").val()+"&pw="+$("#pw").val()+"&callback=?", function(data) {
+ var u = encodeURIComponent($("#username").val());
+ var p = encodeURIComponent($("#pw").val());
+ $.getJSON(WEB_URL+"/api/json/login?name="+u+"&pw="+p+"&callback=?", function(data) {
 data.uname = $("#username").val();
 source.postMessage("cytube-login:"+JSON.stringify(data), document.location);
 });