Commit b589c929 authored by Dennis Willers's avatar Dennis Willers 🏀

Secure isSpielSession query

parent 9d6713fe
...@@ -5,10 +5,9 @@ function createRouter(db) { ...@@ -5,10 +5,9 @@ function createRouter(db) {
// the routes are defined here // the routes are defined here
router.post('/addSpielSession', (req, res) => { router.post('/addSpielSession', (req, res) => {
var spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) { if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
db.query( db.query(
'INSERT INTO Spielsession (SessionName) VALUES (\"'+req.body.spielname+'\");', 'INSERT INTO Spielsession (SessionName) VALUES (\"'+spielname+'\");',
(error) => { (error) => {
if (error) { if (error) {
console.error(error); console.error(error);
...@@ -24,8 +23,10 @@ function createRouter(db) { ...@@ -24,8 +23,10 @@ function createRouter(db) {
}); });
router.post('/isSpielSession', (req, res) => { router.post('/isSpielSession', (req, res) => {
var spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
db.query( db.query(
'SELECT SessionName FROM Spielsession WHERE SessionName = \''+req.body.spielname+'\';', 'SELECT SessionName FROM Spielsession WHERE SessionName = \''+spielname+'\';',
(error, results) => { (error, results) => {
if (error) { if (error) {
console.log(error); console.log(error);
...@@ -39,6 +40,9 @@ function createRouter(db) { ...@@ -39,6 +40,9 @@ function createRouter(db) {
} }
} }
); );
} else {
res.status(500).json({status: 'error'});
}
}); });
router.get('/SpielSession', function (req, res) { router.get('/SpielSession', function (req, res) {
......
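Review bot: The allow-list added in the second hunk is only reached if `req.body.spielname` is actually a string; a request with the field missing, or with it parsed as an array/object by the body parser, makes `spielname.match` throw a TypeError inside the handler, so the guard should check the type first, `if (typeof spielname !== 'string' || !/^[0-9a-zA-Z]+$/.test(spielname)) {`. The alphanumeric-only regex does close the injection for this query, but the SQL on the following line is still built by string concatenation; if `db` supports placeholders, `'SELECT SessionName FROM Spielsession WHERE SessionName = ?;', [spielname],` removes the dependence on the regex staying strict, and the same applies to the INSERT in the first hunk. In the third hunk the rejected input is answered with `res.status(500)`, which reports a client-side validation failure as a server error; `res.status(400)` is the conventional status and keeps the response distinguishable from the genuine query-error path. The enclosing `createRouter` function starts and ends outside the hunks.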