Commit d05bcfd3 authored by Dennis Willers's avatar Dennis Willers 🏀

Only allow low case session names

parent 9f0d0040
Pipeline #339 passed with stages
in 3 minutes and 19 seconds
......@@ -20,7 +20,7 @@ function createRouter(db) {
const isSession = function isSession(req, res, next) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'SELECT SessionName FROM Session WHERE SessionName = \''+spielname+'\';';
console.log('isSession:' ,sql);
db.query(
......@@ -45,7 +45,7 @@ function createRouter(db) {
const getGamestatus = function(req, res) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'SELECT SessionID, Red, Blue, RedTurn, ActiveExplainer, ActiveWatchdog FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('getGamestatus: ',sql);
db.query(
......@@ -76,7 +76,7 @@ function createRouter(db) {
const addSession = function addSession(req, res) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'INSERT INTO Session (SessionName) VALUES (\"'+spielname+'\");';
console.log('addSession1: ', sql);
db.query(
......@@ -128,7 +128,7 @@ function createRouter(db) {
const getS2C = function getS2C(req, res) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
let card;
const sql = 'SELECT Card.CardID, Solution, Tabu1, Tabu2, Tabu3, Tabu4, Tabu5 \n' +
'FROM Card \n' +
......@@ -186,7 +186,7 @@ function createRouter(db) {
const isActiveExplainer = function isActiveExplainer(req, res, next) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'SELECT ActiveExplainer FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('isActiveExplainer: ',sql)
db.query(
......@@ -211,7 +211,7 @@ function createRouter(db) {
const newRound = function newRound(req, res) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'UPDATE Gamestatus SET ActiveExplainer = 1, ActiveWatchdog=1 WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('newRound: ', sql);
db.query(
......@@ -237,7 +237,7 @@ function createRouter(db) {
function endRound(req) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'UPDATE Gamestatus SET RedTurn = (SELECT 1-Gamestatus.RedTurn FROM Gamestatus INNER JOIN Session ON Session.SessionID=Gamestatus.SessionID WHERE Session.SessionName = \"'+spielname+'\"), ActiveExplainer = 0, ActiveWatchdog=0 WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('endRound: ', sql);
db.query(
......@@ -263,7 +263,7 @@ function createRouter(db) {
const newGame = function newGame(req, res) {
const spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null) {
const sql = 'UPDATE Gamestatus SET Red = 0, Blue = 0, RedTurn = '+Math.round(Math.random())+' WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('newGame: ', sql);
db.query(
......@@ -289,7 +289,7 @@ function createRouter(db) {
console.log(req.body);
const spielname = req.body.spielname;
const team = req.body.team;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null && team.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null && team.match(/^[0-9a-z]+$/) != null) {
if (team === 'red') {
const sql = 'UPDATE Gamestatus SET Red = 1+(SELECT Red FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")) WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('addPoint Red:', sql);
......@@ -340,7 +340,7 @@ function createRouter(db) {
console.log(req.body);
const spielname = req.body.spielname;
const team = req.body.team;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null && team.match(/^[0-9a-zA-Z]+$/) != null) {
if (spielname.match(/^[0-9a-z]+$/) != null && team.match(/^[0-9a-z]+$/) != null) {
if (team === 'red') {
const sql = 'UPDATE Gamestatus SET Red = -1+(SELECT Red FROM Gamestatus WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")) WHERE SessionID = (SELECT SessionID FROM Session WHERE SessionName = \"'+spielname+'\")';
console.log('removePoint Red: ', sql);
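Review bot: The narrowed pattern on the new `spielname.match(/^[0-9a-z]+$/)` lines is still the only thing separating `req.body.spielname` from the SQL text, because every handler touched here (isSession through the hunks that log addPoint and removePoint) builds its statement by string concatenation and then logs it. `.match` is also called without a type check, so a request with no `spielname` or a non-string JSON value would throw before the check instead of being rejected; `if (typeof spielname === 'string' && /^[0-9a-z]+$/.test(spielname)) {` covers that, and the same applies to `team` in the last two hunks. If `db` supports placeholders (the client library is not visible on this page), binding the value, e.g. `db.query('SELECT SessionName FROM Session WHERE SessionName = ?', [spielname], ...)`, would keep the queries safe even if the pattern is loosened again later. Since the same check is edited in ten places, a single shared validator would stop the copies drifting apart. The handler bodies continue outside each hunk, so how a failed match is answered is not visible here.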
......