Writefreely
/
writefreely
mirror of https://github.com/writeas/writefreely
1
0
Fork 0
Code Issues Releases Wiki Activity

Restrict /invite/{code} route to valid chars 

Previously, loading something like /invite/fFdblk😄 would return a 500,
due to a mix of collations in MySQL while SELECTing for an invite with
an ID of 'fFdblk😄'. This restricts the route to [a-zA-Z0-9] chars, to
prevent this.
This commit is contained in:
Matt Baer 2020-01-29 09:11:02 -05:00
parent 93dd2341c2
commit d6b7a5925f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
routes.go
View File

@ -161,7 +161,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
// Handle special pages first
write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired))
write.HandleFunc("/signup", handler.Web(handleViewLanding, UserLevelNoneRequired))
write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelOptional)).Methods("GET")
write.HandleFunc("/invite/{code:[a-zA-Z0-9]+}", handler.Web(handleViewInvite, UserLevelOptional)).Methods("GET")
// TODO: show a reader-specific 404 page if the function is disabled
write.HandleFunc("/read", handler.Web(viewLocalTimeline, UserLevelReader))
RouteRead(handler, UserLevelReader, write.PathPrefix("/read").Subrouter())