Sanitize inputs

This commit is contained in:
Skylar Grant 2022-06-01 13:09:16 -04:00
parent 138e458e82
commit bb8d6c4335
3 changed files with 9 additions and 6 deletions

BIN
.DS_Store vendored Normal file

Binary file not shown.

3
.gitignore vendored

@ -3,6 +3,7 @@
package-lock.json package-lock.json
.VSCodeCounter/ .VSCodeCounter/
# Custom folders # Custom folders
# gifs/* # gifs/*
# pastas/* # pastas/*
@ -80,6 +81,8 @@ typings/
# dotenv environment variables file # dotenv environment variables file
.env .env
.env.test .env.test
.env.dev
.env.prod
# parcel-bundler cache (https://parceljs.org/) # parcel-bundler cache (https://parceljs.org/)
.cache .cache


@ -336,28 +336,28 @@ const functions = {
}, },
upload: { upload: {
request(commandData, client) { request(commandData, client) {
const query = `INSERT INTO requests (author, request, status) VALUES ('${commandData.author}','${commandData.args}','Active')`; const query = `INSERT INTO requests (author, request, status) VALUES ('${db.escape(commandData.author)}','${db.escape(commandData.args)}','Active')`;
db.query(query, (err, rows, fields) => { db.query(query, (err, rows, fields) => {
if (err) throw err; if (err) throw err;
functions.download.requests(client); functions.download.requests(client);
}); });
}, },
pasta(pastaData, client) { pasta(pastaData, client) {
const query = `INSERT INTO pastas (name, content) VALUES ('${pastaData.name}','${pastaData.content}')`; const query = `INSERT INTO pastas (name, content) VALUES ('${db.escape(pastaData.name)}','${db.escape(pastaData.content)}')`;
db.query(query, (err, rows, fields) => { db.query(query, (err, rows, fields) => {
if (err) throw err; if (err) throw err;
functions.download.pastas(client); functions.download.pastas(client);
}); });
}, },
joint(content, client) { joint(content, client) {
const query = `INSERT INTO joints (content) VALUES ('${content}')`; const query = `INSERT INTO joints (content) VALUES ('${db.escape(content)}')`;
db.query(query, (err, rows, fields) => { db.query(query, (err, rows, fields) => {
if (err) throw err; if (err) throw err;
functions.download.joints(client); functions.download.joints(client);
}); });
}, },
gif(gifData, client) { gif(gifData, client) {
const query = `INSERT INTO gifs (name, embed_url) VALUES ('${gifData.name}', '${gifData.embed_url}')`; const query = `INSERT INTO gifs (name, embed_url) VALUES ('${db.escape(gifData.name)}', '${db.escape(gifData.embed_url)}')`;
db.query(query, (err, rows, fields) => { db.query(query, (err, rows, fields) => {
if (err) throw err; if (err) throw err;
functions.download.gifs(client); functions.download.gifs(client);
@ -395,7 +395,7 @@ const functions = {
}, },
strain(commandData, message) { strain(commandData, message) {
const { strainName } = commandData; const { strainName } = commandData;
const query = `SELECT id, name, type, effects, ailment, flavor FROM strains WHERE name = '${strainName}'`; const query = `SELECT id, name, type, effects, ailment, flavor FROM strains WHERE name = '${db.escape(strainName)}'`;
db.query(query, (err, rows, fields) => { db.query(query, (err, rows, fields) => {
if (rows != undefined) { if (rows != undefined) {
commandData.strainInfo = { commandData.strainInfo = {
@ -436,7 +436,7 @@ const functions = {
}, },
// Parent-Level functions (miscellaneuous) // Parent-Level functions (miscellaneuous)
closeRequest(requestId, client) { closeRequest(requestId, client) {
const query = `UPDATE requests SET status = 'Closed' WHERE id = ${requestId}`; const query = `UPDATE requests SET status = 'Closed' WHERE id = ${db.escape(requestId)}`;
db.query(query, (err, rows, fields) => { db.query(query, (err, rows, fields) => {
if (err) throw err; if (err) throw err;
functions.download.requests(client); functions.download.requests(client);
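Review bot: The escaping in `request`, `pasta`, `joint`, `gif` and `strain` is combined with hand-written single quotes, and if `db` is a `mysql`/`mysql2` connection its `escape()` already returns the value wrapped in quotes, so `'${db.escape(x)}'` yields a doubly quoted literal such as `''foo''` that either fails to parse or stores a different value; only `closeRequest`, which has no surrounding quotes, uses it correctly. The safer fix is to stop building the SQL string at all and let the driver bind the values, e.g. for `request`: `const query = 'INSERT INTO requests (author, request, status) VALUES (?, ?, ?)';` followed by `db.query(query, [commandData.author, commandData.args, 'Active'], (err, rows, fields) => {`, with the same shape for the other four statements (`SELECT ... WHERE name = ?` with `[strainName]` in `strain`). If `db` is some other client whose `escape()` returns an unquoted string, a comment stating that next to the connection setup would save the next reader the same check. The `strain` and `closeRequest` bodies continue outside their hunks.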