authorkaotisk <kaotisk@arching-kaos.org>2024-06-04 16:48:40 +0300
committerkaotisk <kaotisk@arching-kaos.org>2024-06-04 16:48:40 +0300
commitb9ba1a96e6a93e203f26da3e20ce1d4987925318 (patch)
treeaa0820c5fa85bdd003df727016727965a94e73e1 /api/routes/getTr
parent8f5f4a30da8f3226ff5337d1da8f76f7eed08034 (diff)
Path traversal fix + validation
Diffstat (limited to 'api/routes/getTr')
-rw-r--r--api/routes/getTr/index.js7
1 files changed, 4 insertions, 3 deletions
diff --git a/api/routes/getTr/index.js b/api/routes/getTr/index.js
index a7acb55..5701f52 100644
--- a/api/routes/getTr/index.js
+++ b/api/routes/getTr/index.js
@@ -46,13 +46,14 @@ function fetchFtr(tr, res){
module.exports = (req, res) => {
console.log(req.params)
res.set('Content-Type', 'application/json');
- if ( (req.params.tr) && req.params.tr.length === 128 ){
+ if ( (req.params.tr) && typeof req.params.tr === "string" && req.params.tr.length === 128 ){
regex= /[a-f0-9]{128}/;
if (regex.test(req.params.tr)){
- if (req.params.tr === "QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH" ){
+ let tr = req.params.tr;
+ if (tr === "QmbFMke1KXqnYyBBWxB74N4c5SBnJMVAiMNRcGu6x1AwQH" ){
res.send({error:"Genesis block"});
} else {
- fetchFtr(req.params.tr,res);
+ fetchFtr(tr,res);
}
} else {
res.send({error:"Invalid data: regexp failed to pass"});
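Review bot: The pattern on the `regex= /[a-f0-9]{128}/;` line is unanchored, so the traversal protection holds only because the outer condition also enforces `typeof req.params.tr === "string"` and `length === 128`. Anchoring it makes the check self-contained, and declaring it removes the implicit global: `const regex = /^[a-f0-9]{128}$/;`. The new `if (tr === "QmbFMke1…")` comparison can never be true, because that literal is shorter than 128 characters and contains uppercase letters, so it cannot pass the hex test above it. The genesis branch is therefore dead code and should be removed, or moved ahead of the length check if it is meant to be reachable. `fetchFtr` is defined outside this hunk, so how `tr` is turned into a filesystem path cannot be confirmed from here, and the handler body continues past the last line shown.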