rae/mipilin
rae/mipilin
1
0
Fork 0
mirror of https://git.sr.ht/~roxwize/mipilin synced 2025-05-12 00:03:06 +00:00
Code Issues Activity

VALIDATION

Browse source 
Signed-off-by: roxwize <rae@roxwize.xyz>
This commit is contained in:
Rae 5e 2025-01-28 22:52:18 -05:00
parent 0015f4bb86
commit 65c29b0564
Signed by: rae
GPG key ID: 5B1A0FAB9BAB81EE
5 changed files with 27 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
routes/users.ts
View file

@ -8,7 +8,7 @@ import {
users
} from "../db/schema.js";
import { and, desc, eq, ne } from "drizzle-orm";
import { getMoods, render, render404, UserStatus } from "./util.js";
import { getMoods, render, render404, UserStatus, validateUrl } from "./util.js";
import { PgColumn } from "drizzle-orm/pg-core";
import dayjs from "dayjs";
@ -139,6 +139,11 @@ export default async function (app: Express, db: NodePgDatabase) {
res.redirect("/login");
return;
}
if (!validateUrl(req.body.website)) {
req.flash("error", "The website URL provided is invalid or malformed.");
res.redirect(req.get("Referrer") || "/");
return;
}
const { uname } = (
await db
.select({ uname: users.name })
@ -153,7 +158,7 @@ export default async function (app: Express, db: NodePgDatabase) {
return;
}
await db //! no sanitization here either BROOOOOOO
await db
.update(profiles)
.set({
// @ts-expect-error