aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorkaotisk <kaotisk@arching-kaos.org>2024-06-04 16:44:28 +0300
committerkaotisk <kaotisk@arching-kaos.org>2024-06-04 16:44:28 +0300
commit8f5f4a30da8f3226ff5337d1da8f76f7eed08034 (patch)
tree57d0b2b80552feeb2fe12431efd79f3369c0a80b
parent9f8e07ff3fc7dc361e8d760f8f4535645ac056e6 (diff)
downloadarching-kaos-tools-8f5f4a30da8f3226ff5337d1da8f76f7eed08034.tar.gz
arching-kaos-tools-8f5f4a30da8f3226ff5337d1da8f76f7eed08034.tar.bz2
arching-kaos-tools-8f5f4a30da8f3226ff5337d1da8f76f7eed08034.zip
Path traversal fix test
-rw-r--r--api/routes/getMrk/index.js5
1 files changed, 3 insertions, 2 deletions
diff --git a/api/routes/getMrk/index.js b/api/routes/getMrk/index.js
index 097f1f0..6cc61b8 100644
--- a/api/routes/getMrk/index.js
+++ b/api/routes/getMrk/index.js
@@ -49,10 +49,11 @@ module.exports = (req, res) => {
if ( (req.params.mrk) && req.params.mrk.length === 128 ){
regex= /[a-f0-9]{128}/;
if (regex.test(req.params.mrk)){
- if (req.params.mrk === "QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH" ){
+ let mrk = req.params.mrk;
+ if (mrk === "QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH" ){
res.send({error:"Genesis block"});
} else {
- fetchFmrk(req.params.mrk,res);
+ fetchFmrk(mrk,res);
}
} else {
res.send({error:"Invalid data: regexp failed to pass"});