sudoxreboot/habitica
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica.git synced 2026-05-24 14:45:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

More secure regex type check

Browse source
This commit is contained in:
Daniel Saewitz 2013-03-01 06:11:32 -05:00
parent 33b529731c
commit 5ce5152757
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/server/api.coffee
View file

@ -64,7 +64,7 @@ validateTask = (req, res, next) ->
type = undefined
delete newTask.type
else if req.method is 'POST'
unless /^habit|todo|daily|reward$/.test type
unless /^(habit|todo|daily|reward)$/.test type
return res.json 400, err: 'type must be habit, todo, daily, or reward'
text = sanitize(text).xss()
@ -106,7 +106,7 @@ router.get '/user/tasks', auth, (req, res) ->
model.ref '_user', req.user
tasks = []
types = ['habit','todo','daily','reward']
if /^habit|todo|daily|reward$/.test req.query.type
if /^(habit|todo|daily|reward)$/.test req.query.type
types = [req.query.type]
for type in types
model.refList "_#{type}List", "_user.tasks", "_user.#{type}Ids"