Commit 41037d7b authored by Eben Blaisdell's avatar Eben Blaisdell

safe strats

parent 4999c863
......@@ -24,7 +24,7 @@ app.use('/', express.static(path.join(__dirname, 'public')));
app.post('/signup', function (req, res) {
username = req.body.username;
if(username == "" || username.indexOf("..") != -1){
if(checkFileSafe(username)){
res.send("Username of Invalid Form Taken.");
return;
}
......@@ -76,6 +76,10 @@ app.post('/signup', function (req, res) {
});
app.post('/push', function (req, res) {
if(!checkFileSafe(req.body.strat)){
res.send("Invalid Strat.");
return;
}
username = req.body.username;
password = req.body.password;
login(username,password,res,function(userinfo){
......@@ -91,6 +95,10 @@ app.post('/push', function (req, res) {
});
app.post('/pull', function (req, res) {
if(!checkFileSafe(req.body.strat)){
res.send("Invalid Strat.");
return;
}
username = req.body.username;
password = req.body.password;
login(username,password,res,function(userinfo){
......@@ -281,6 +289,10 @@ function ipAddresses(){
return addresses;
}
function checkFileSafe(filename){
filename == "" || filename.indexOf("..") != -1 || filename.indexOf("~") != -1 || filename.indexOf("/") != -1;
}
function findWithAttr(array, attr, value) {
for(var i = 0; i < array.length; i += 1) {
if(array[i][attr] === value) {
......
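Review bot: `checkFileSafe` (last hunk) has no `return`, so its comparison is evaluated and discarded and the function always yields `undefined`; the `/signup` guard `if(checkFileSafe(username))` therefore never fires, which drops the empty/`..` rejection that the inline test it appears to replace provided, while `/push` and `/pull` answer "Invalid Strat." to every request. The expression is also true for an *unsafe* name, the opposite of what the helper's name and the `!checkFileSafe(...)` calls expect, so adding `return` alone would leave one side inverted: make the helper return true for a safe name and change the signup guard to `if(!checkFileSafe(username)){`. A request with no `strat` field would reach `filename.indexOf` on `undefined` and throw, so the helper should check for a string first; if these values end up in file paths, as the name suggests, also reject backslashes or switch to a strict character allowlist. The route handlers continue outside the hunks shown.

```javascript
function checkFileSafe(filename){
    // true only for a non-empty string free of path-navigation characters
    if(typeof filename !== "string" || filename === ""){
        return false;
    }
    return filename.indexOf("..") === -1 && filename.indexOf("~") === -1 &&
        filename.indexOf("/") === -1 && filename.indexOf("\\") === -1;
}
// … unchanged: /push and /pull keep if(!checkFileSafe(req.body.strat)) …
```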