updated input sanitization
csteph9 committed Jan 9, 2024
1 parent b9139c8 commit b684076
Showing 2 changed files with 4 additions and 9 deletions.
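--- a/app.js
+++ b/app.js
@@ -13,6 +13,7 @@ const config = require('./config.js');
 const engines = require('consolidate');
 const fsan = require('sanitize-filename');
 const fileRateLimit = require("./resources/rateLimiter");
+const validator = require('validator');
 
 const pool = mysql.createPool({
 host: config.host,
@@ -139,14 +140,7 @@ function sanitize(r)
 {
 for( i in r )
 {
-r[i] = r[i].replace(/\</g,'');
-r[i] = r[i].replace(/\>/g,'');
-r[i] = r[i].replace(/\%/g,'');
-r[i] = r[i].replace(/\;/g,'');
-r[i] = r[i].replace(/\.\./g,'');
-r[i] = r[i].replace(/'/g,'');
-r[i] = r[i].replace(/echo/g,'');
-r[i] = r[i].replace(/script/g,'');
+r[i] = validator.escape(r[i]);
 }
 
 return r;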
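Review bot: `validator.escape(r[i])` in the `sanitize` loop is HTML entity encoding, so it only protects values that end up in HTML output, and it throws a TypeError when a value is not a string (for example an array from a repeated parameter, if `r` is a request object; the callers are outside this hunk). The removed rules for `..`, `;` and `%` are no longer applied, so any caller that relied on `sanitize` before building a SQL statement or a file path now needs its own control there, such as placeholders in the queries sent through `pool` and `fsan` for filenames. I would coerce before escaping, `r[i] = validator.escape(String(r[i]));`, and add a comment above it such as `// HTML-encodes for output only; not a defence for SQL or file paths`. The loop variable is also undeclared, so `for (const i in r)` would avoid the implicit global; the closing brace of `sanitize` is outside the hunk.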
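--- a/package.json
+++ b/package.json
@@ -25,6 +25,7 @@
 "mysql2": "^3.6.5",
 "node-import": "^0.9.2",
 "nodemon": "^3.0.1",
-"sanitize-filename": "^1.6.3"
+"sanitize-filename": "^1.6.3",
+"validator": "^13.11.0"
 }
 }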
