escape the query on loadwhiteboard and getReadOnlyWid

raphael 2021-06-22 23:10:23 +02:00
parent 0e00bebe88
commit 4f4c5fe87e


@ -49,8 +49,9 @@ function startBackendServer(port) {
* curl -i http://[rootUrl]/api/loadwhiteboard?wid=[MyWhiteboardId] * curl -i http://[rootUrl]/api/loadwhiteboard?wid=[MyWhiteboardId]
*/ */
app.get("/api/loadwhiteboard", function (req, res) { app.get("/api/loadwhiteboard", function (req, res) {
const wid = req["query"]["wid"]; let query = escapeAllContentStrings(req["query"]);
const at = req["query"]["at"]; //accesstoken const wid = query["wid"];
const at = query["at"]; //accesstoken
if (accessToken === "" || accessToken == at) { if (accessToken === "" || accessToken == at) {
const widForData = ReadOnlyBackendService.isReadOnly(wid) const widForData = ReadOnlyBackendService.isReadOnly(wid)
? ReadOnlyBackendService.getIdFromReadOnlyId(wid) ? ReadOnlyBackendService.getIdFromReadOnlyId(wid)
@ -80,8 +81,9 @@ function startBackendServer(port) {
* curl -i http://[rootUrl]/api/getReadOnlyWid?wid=[MyWhiteboardId] * curl -i http://[rootUrl]/api/getReadOnlyWid?wid=[MyWhiteboardId]
*/ */
app.get("/api/getReadOnlyWid", function (req, res) { app.get("/api/getReadOnlyWid", function (req, res) {
const wid = req["query"]["wid"]; let query = escapeAllContentStrings(req["query"]);
const at = req["query"]["at"]; //accesstoken const wid = query["wid"];
const at = query["at"]; //accesstoken
if (accessToken === "" || accessToken == at) { if (accessToken === "" || accessToken == at) {
res.send(ReadOnlyBackendService.getReadOnlyId(wid)); res.send(ReadOnlyBackendService.getReadOnlyId(wid));
res.end(); res.end();
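Review bot: In both handlers (`/api/loadwhiteboard` and `/api/getReadOnlyWid`) the access token `at` is now read from the escaped copy of the query and still checked with `accessToken == at`, so a configured token containing any character that `escapeAllContentStrings` rewrites would stop matching, and the loose `==` still coerces a non-string `at` (Express can parse a repeated or bracketed parameter into an array or object). The escaper's definition is outside these hunks, so how it treats non-string values, and whether its output is a safe whiteboard id rather than just display-safe text, cannot be confirmed from here. I would keep the credential raw and compare strictly, `const at = req["query"]["at"];` with `if (accessToken === "" || (typeof at === "string" && accessToken === at)) {`, and reject a non-string `wid` before it reaches `ReadOnlyBackendService`. `let query` is never reassigned in the visible lines and can be `const`. Both handler bodies continue past the end of their hunks.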