Sanitize inputs

This commit is contained in:
Skylar Grant 2022-06-01 13:09:16 -04:00
parent 138e458e82
commit bb8d6c4335
3 changed files with 9 additions and 6 deletions

.DS_Store vendored Normal file


.gitignore vendored

@ -3,6 +3,7 @@
package-lock.json
.VSCodeCounter/
# Custom folders
# gifs/*
# pastas/*
@ -80,6 +81,8 @@ typings/
# dotenv environment variables file
.env
.env.test
.env.dev
.env.prod
# parcel-bundler cache (https://parceljs.org/)
.cache


@ -336,28 +336,28 @@ const functions = {
},
upload: {
request(commandData, client) {
const query = `INSERT INTO requests (author, request, status) VALUES ('${commandData.author}','${commandData.args}','Active')`;
const query = `INSERT INTO requests (author, request, status) VALUES ('${db.escape(commandData.author)}','${db.escape(commandData.args)}','Active')`;
db.query(query, (err, rows, fields) => {
if (err) throw err;
functions.download.requests(client);
});
},
pasta(pastaData, client) {
const query = `INSERT INTO pastas (name, content) VALUES ('${pastaData.name}','${pastaData.content}')`;
const query = `INSERT INTO pastas (name, content) VALUES ('${db.escape(pastaData.name)}','${db.escape(pastaData.content)}')`;
db.query(query, (err, rows, fields) => {
if (err) throw err;
functions.download.pastas(client);
});
},
joint(content, client) {
const query = `INSERT INTO joints (content) VALUES ('${content}')`;
const query = `INSERT INTO joints (content) VALUES ('${db.escape(content)}')`;
db.query(query, (err, rows, fields) => {
if (err) throw err;
functions.download.joints(client);
});
},
gif(gifData, client) {
const query = `INSERT INTO gifs (name, embed_url) VALUES ('${gifData.name}', '${gifData.embed_url}')`;
const query = `INSERT INTO gifs (name, embed_url) VALUES ('${db.escape(gifData.name)}', '${db.escape(gifData.embed_url)}')`;
db.query(query, (err, rows, fields) => {
if (err) throw err;
functions.download.gifs(client);
@ -395,7 +395,7 @@ const functions = {
},
strain(commandData, message) {
const { strainName } = commandData;
const query = `SELECT id, name, type, effects, ailment, flavor FROM strains WHERE name = '${strainName}'`;
const query = `SELECT id, name, type, effects, ailment, flavor FROM strains WHERE name = '${db.escape(strainName)}'`;
db.query(query, (err, rows, fields) => {
if (rows != undefined) {
commandData.strainInfo = {
@ -436,7 +436,7 @@ const functions = {
},
// Parent-Level functions (miscellaneuous)
closeRequest(requestId, client) {
const query = `UPDATE requests SET status = 'Closed' WHERE id = ${requestId}`;
const query = `UPDATE requests SET status = 'Closed' WHERE id = ${db.escape(requestId)}`;
db.query(query, (err, rows, fields) => {
if (err) throw err;
functions.download.requests(client);
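Review bot: If `db` is a `mysql`/`mysql2` connection, `db.escape()` already returns the value wrapped in single quotes, so the new lines at L40, L48, L56, L64 and L73 build `''value''` — no longer a valid string literal — and those inserts and the strain lookup now fail at runtime rather than being sanitized; only `closeRequest` (L82), whose `id = ${db.escape(requestId)}` has no surrounding quotes, uses `escape()` as intended. Either drop the surrounding quotes (`VALUES (${db.escape(commandData.author)},${db.escape(commandData.args)},'Active')`) or, better, let the driver do the quoting with placeholders: `db.query('INSERT INTO requests (author, request, status) VALUES (?, ?, ?)', [commandData.author, commandData.args, 'Active'], (err, rows, fields) => { ... })`, and the same shape for `pasta`, `joint`, `gif` and `strain`. A comment such as `// db.escape() returns a quoted literal; never wrap it in extra quotes` above the first query would keep this from recurring. The enclosing `functions` object starts before the first hunk, and the `strain` callback body continues past its hunk.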