MongoDB injection vulnerability
alsotang committed May 5, 2015
1 parent b7ac06b commit 0f6cc14
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions controllers/sign.js
Expand Up @@ -171,8 +171,8 @@ exports.signout = function (req, res, next) {
};

exports.active_account = function (req, res, next) {
var key = req.query.key;
var name = req.query.name;
var key = validator.trim(req.query.key);
var name = validator.trim(req.query.name);

User.getUserByLoginName(name, function (err, user) {
if (err) {
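Review bot: In `active_account` the fix is implicit: `validator.trim(req.query.key)` and `validator.trim(req.query.name)` only close the injection if trim turns a non-string query value into a plain string, and nothing in the hunk states or enforces that. Suggest an explicit `typeof name !== 'string'` (and the same for `key`) check that rejects the request before `User.getUserByLoginName(name, ...)` runs, or at minimum a comment saying why trim is there, so a later cleanup does not remove it as cosmetic. The diff also adds no require line, so confirm `validator` is already in scope in controllers/sign.js.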
Expand Down Expand Up @@ -238,8 +238,8 @@ exports.updateSearchPass = function (req, res, next) {
* @param {Function} next
*/
exports.reset_pass = function (req, res, next) {
var key = req.query.key;
var name = req.query.name;
var key = validator.trim(req.query.key);
var name = validator.trim(req.query.name);
User.getUserByNameAndKey(name, key, function (err, user) {
if (!user) {
res.status(403);
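Review bot: In `reset_pass` the pair `validator.trim(req.query.key)` / `validator.trim(req.query.name)` is now duplicated from `active_account`, and here both values go straight into `User.getUserByNameAndKey(name, key, ...)`, where `key` is the reset secret. Suggest pulling the two calls into one small helper that reads a query parameter as a string and fails the request otherwise, and using it for every handler in this file that passes request values to a `User` lookup, so the protection is not applied handler by handler. A regression test that sends a non-string `name` and `key` to both routes and expects a rejection would keep this from reopening.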

2 comments on commit 0f6cc14

@JacksonTian
Member

This problem is still caused by the qs module parsing multi-dimensional parameters into objects by default, right?
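The point raised in the comment above, as an added example that is not part of the commit or the project's code: a guard that accepts a query parameter only when the parser left it as a plain string. The names `stringParams`, `requireStringQuery`, `check` and `safeQuery`, the 400 response and the sample queries are assumptions made for illustration.

```javascript
// Constructed inputs: shapes req.query can take once a nested-parameter
// parser has turned bracketed keys into objects and repeated keys into arrays.
const samples = {
  plain:   { name: ' alice ', key: 'abc123' },
  nested:  { name: { $someOperator: 'x' }, key: 'abc123' }, // placeholder operator
  repeat:  { name: ['alice', 'bob'], key: 'abc123' },
  missing: { key: 'abc123' },
};

// Hypothetical helper: return the trimmed value of every wanted parameter,
// or null if any one is absent or is not a plain string.
function stringParams(query, names) {
  const out = {};
  for (const n of names) {
    const v = Object.prototype.hasOwnProperty.call(query, n) ? query[n] : undefined;
    if (typeof v !== 'string') return null;
    out[n] = v.trim();
  }
  return out;
}

// Hypothetical middleware factory in the (req, res, next) shape the handlers use.
function requireStringQuery(names) {
  return function (req, res, next) {
    const params = stringParams(req.query || {}, names);
    if (!params) {
      res.status(400);
      return res.send('invalid query parameter');
    }
    req.safeQuery = params; // handlers read from here, never from req.query
    next();
  };
}

// Hypothetical driver: run the middleware against a stub res and report the outcome.
function check(query) {
  const req = { query: query };
  const seen = { status: null, passed: false };
  const res = { status(c) { seen.status = c; return res; }, send() { return res; } };
  requireStringQuery(['name', 'key'])(req, res, () => { seen.passed = true; });
  return { status: seen.status, passed: seen.passed, params: req.safeQuery || null };
}

for (const label of Object.keys(samples)) {
  console.log(label, JSON.stringify(check(samples[label])));
}
```

Rejecting the request, rather than coercing the value, keeps an object or array from ever reaching the database lookup in any form.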

@alsotang
Member Author

@alsotang alsotang commented on 0f6cc14 May 6, 2015 via email
