monkeytypegame/monkeytype
1
1
Fork 0
mirror of https://github.com/monkeytypegame/monkeytype.git synced 2025-03-12 15:08:45 +08:00
Code Issues Projects Releases Packages Wiki Activity

little security patch

Browse source
This commit is contained in:
Jack 2021-07-23 01:11:18 +01:00
parent 4dafb40cc5
commit 77992d18d0
1 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
functions/index.js
View file

@ -1784,19 +1784,29 @@ exports.saveConfig = functions.https.onCall((request, response) => {
}
if (err) return;
if (key === "resultFilters") return;
if (key === "customBackground") return;
if (key === "customLayoutfluid") return;
let val = obj[key];
if (Array.isArray(val)) {
val.forEach((valarr) => {
if (!isConfigKeyValid(valarr)) {
if (key === "customBackground" || key === "customLayoutfluid") {
if (/[<>]/.test(valarr)) {
err = true;
console.error(`${key}: ${valarr} failed regex check`);
errorMessage = `${key}: ${valarr} failed regex check`;
}
} else if (!isConfigKeyValid(valarr)) {
err = true;
console.error(`${key}: ${valarr} failed regex check`);
errorMessage = `${key}: ${valarr} failed regex check`;
}
});
} else {
if (!isConfigKeyValid(val)) {
if (key === "customBackground" || key === "customLayoutfluid") {
if (/[<>]/.test(val)) {
err = true;
console.error(`${key}: ${valarr} failed regex check`);
errorMessage = `${key}: ${valarr} failed regex check`;
}
} else if (!isConfigKeyValid(val)) {
err = true;
console.error(`${key}: ${val} failed regex check`);
errorMessage = `${key}: ${val} failed regex check`;