sanitizehtml on event description

les
2020-01-15 23:37:25 +01:00
parent eb65ccbf72
commit 2272dc944c


@@ -4,6 +4,7 @@ const crypto = require('crypto')
const jwt = require('jsonwebtoken') const jwt = require('jsonwebtoken')
const { Op } = require('sequelize') const { Op } = require('sequelize')
const jsonwebtoken = require('jsonwebtoken') const jsonwebtoken = require('jsonwebtoken')
const sanitizeHtml = require('sanitize-html')
const config = require('config') const config = require('config')
const mail = require('../mail') const mail = require('../mail')
const { user: User, event: Event, tag: Tag, place: Place } = require('../models') const { user: User, event: Event, tag: Tag, place: Place } = require('../models')
@@ -65,12 +66,15 @@ const userController = {
* add event * add event
*/ */
async addEvent (req, res) { async addEvent (req, res) {
if (req.err) {
debug(req.err)
return res.status(400).json(req.err.toString())
}
const body = req.body const body = req.body
const eventDetails = { const eventDetails = {
title: body.title, title: body.title,
// remove html tags // remove html tags
description: body.description ? body.description.replace(/(<([^>]+)>)/ig, '') : '', description: sanitizeHtml(body.description),
multidate: body.multidate, multidate: body.multidate,
start_datetime: body.start_datetime, start_datetime: body.start_datetime,
end_datetime: body.end_datetime, end_datetime: body.end_datetime,
@@ -88,8 +92,10 @@ const userController = {
// create place if needed // create place if needed
let place let place
try { try {
place = await Place.findOrCreate({ where: { name: body.place_name }, place = await Place.findOrCreate({
defaults: { address: body.place_address } }) where: { name: body.place_name },
defaults: { address: body.place_address }
})
.spread((place, created) => place) .spread((place, created) => place)
await event.setPlace(place) await event.setPlace(place)
event.place = place event.place = place
@@ -124,6 +130,9 @@ const userController = {
}, },
async updateEvent (req, res) { async updateEvent (req, res) {
if (req.err) {
return res.status(400).json(req.err.toString())
}
const body = req.body const body = req.body
const event = await Event.findByPk(body.id) const event = await Event.findByPk(body.id)
if (!req.user.is_admin && event.userId !== req.user.id) { if (!req.user.is_admin && event.userId !== req.user.id) {
@@ -140,15 +149,15 @@ const userController = {
body.image_path = req.file.filename body.image_path = req.file.filename
} }
body.description = body.description body.description = sanitizeHtml(body.description)
.replace(/(<([^>]+)>)/ig, '') // remove all tags from description
await event.update(body) await event.update(body)
let place let place
try { try {
place = await Place.findOrCreate({ where: { name: body.place_name }, place = await Place.findOrCreate({
defaults: { address: body.place_address } }) where: { name: body.place_name },
.spread((place, created) => place) defaults: { address: body.place_address }
}).spread((place, created) => place)
} catch (e) { } catch (e) {
console.log('error', e) console.log('error', e)
} }
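Review bot: In addEvent the old `body.description ? … : ''` guard is gone, so a request with no description now passes `undefined` to `sanitizeHtml`; what that returns depends on the installed sanitize-html version, so the fallback is better kept explicit, e.g. `description: sanitizeHtml(body.description || '')`. In updateEvent the result is written back into `body` just before `event.update(body)`, so an update that omits the field may replace the stored description and is worth checking. Both calls rely on the library's default allow-list, which changes the stored value from tag-free text to HTML with a set of permitted tags, and leaves the `// remove html tags` comment in addEvent inaccurate. Passing one shared options object with explicit `allowedTags` and `allowedAttributes` to both calls would pin that policy in this file and keep the two sites identical. Both functions continue outside the hunks shown.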