mirror/poke
1
0
Fork 0
mirror of https://codeberg.org/ashley/poke.git synced 2024-11-10 08:18:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix the XSS in user pages

Browse source
This commit is contained in:
ashley 2024-05-11 02:33:43 +00:00
parent 75e4e37789
commit d7ef10b65e
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/libpoketube/init/pages-account.js
View file

@ -104,10 +104,17 @@ app.get("/account-create", async function (req, res) {
} }
}); });
app.get("/my-acc", async function (req, res) { app.get("/my-acc", async function (req, res) {
var userid = req.query.ID var userid = req.query.ID;
var userSubs = db.get(`user.${userid}.subs`)
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
// Check if userid is more than 6 characters
if (userid.length > 6) {
return res.status(400).json({ error: "IDs can be 6 characters max" });
}
var userSubs = db.get(`user.${userid}.subs`);
renderTemplate(res, req, "account-me.ejs", { userid, userSubs });
}); });
}; };