Skip to content

Commit

Permalink
feat: validate search string more carefully
Browse files Browse the repository at this point in the history
Alphanumeric letters must be included. Previously, some clever trash searches made api to throw an error
and return  internal server error.
  • Loading branch information
vesameskanen committed Jan 28, 2022
1 parent 341e1d7 commit 1c057bc
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions sanitizer/_text.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,10 @@ function _sanitize( raw, clean ){
// invalid input 'text'
const text = _.trim( _.trim( raw.text ), QUOTES );

if( !_.isString(text) || _.isEmpty(text) ){
messages.errors.push('invalid param \'text\': text length, must be >0');
if( !_.isString(text) || _.isEmpty(text) ||
(!text.match(/\d/) && !text.match(/[a-z]/i))
){
messages.errors.push('invalid param \'text\': text must have alphanumeric content');
} else {
clean.text = text;
}
Expand Down

0 comments on commit 1c057bc

Please sign in to comment.