Backups/Mango
1
0
Fork 0
mirror of https://github.com/hkalexling/Mango.git synced 2025-08-02 19:05:32 -04:00
Code Issues Projects Releases Wiki Activity

Sanitize parameters on user edit page (fixes #289)

Browse Source
This commit is contained in:
Alex Ling 2022-04-04 03:20:52 +00:00
parent d1de8b7a4e
commit ebe2c8efed
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
shard.lock
View File

@ -68,6 +68,10 @@ shards:
git: https://github.com/luislavena/radix.git git: https://github.com/luislavena/radix.git
version: 0.4.1 version: 0.4.1
sanitize:
git: https://github.com/hkalexling/sanitize.git
version: 0.1.0+git.commit.e09520e972d0d9b70b71bb003e6831f7c2c59dce
sqlite3: sqlite3:
git: https://github.com/crystal-lang/crystal-sqlite3.git git: https://github.com/crystal-lang/crystal-sqlite3.git
version: 0.18.0 version: 0.18.0

2
shard.yml
View File

@ -42,3 +42,5 @@ dependencies:
branch: master branch: master
mg: mg:
github: hkalexling/mg github: hkalexling/mg
sanitize:
github: hkalexling/sanitize

8
src/routes/admin.cr
View File

@ -1,3 +1,5 @@
require "sanitize"
struct AdminRouter struct AdminRouter
def initialize def initialize
get "/admin" do |env| get "/admin" do |env|
@ -14,13 +16,13 @@ struct AdminRouter
end end
get "/admin/user/edit" do |env| get "/admin/user/edit" do |env|
username = env.params.query["username"]? sanitizer = Sanitize::Policy::Text.new
username = env.params.query["username"]?.try { |s| sanitizer.process s }
admin = env.params.query["admin"]? admin = env.params.query["admin"]?
if admin if admin
admin = admin == "true" admin = admin == "true"
end end
error = env.params.query["error"]? error = env.params.query["error"]?.try { |s| sanitizer.process s }
current_user = get_username env
new_user = username.nil? && admin.nil? new_user = username.nil? && admin.nil?
layout "user-edit" layout "user-edit"
end end