Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 17:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: only allow numbers as scores (#7356)

Browse Source 
* zadd score checks

* fix: only allow numbers as scores

* fix: convert values to strings
This commit is contained in:
Barış Soner Uşaklı
2019-02-11 11:23:18 -05:00
committed by GitHub
parent 0fffcb3855
commit 5917dec288
6 changed files with 76 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/database/postgres/sorted/add.js
View File

@@ -4,6 +4,7 @@ var async = require('async');
module.exports = function (db, module) {
var helpers = module.helpers.postgres;
var utils = require('../../../utils');
module.sortedSetAdd = function (key, score, value, callback) {
callback = callback || helpers.noop;
@@ -15,7 +16,9 @@ module.exports = function (db, module) {
if (Array.isArray(score) && Array.isArray(value)) {
return sortedSetAddBulk(key, score, value, callback);
}
if (!utils.isNumber(score)) {
return setImmediate(callback, new Error('[[error:invalid-score, ' + score + ']]'));
}
value = helpers.valueToString(value);
score = parseFloat(score);
@@ -46,7 +49,11 @@ VALUES ($1::TEXT, $2::TEXT, $3::NUMERIC)
if (scores.length !== values.length) {
return callback(new Error('[[error:invalid-data]]'));
}
for (let i = 0; i < scores.length; i += 1) {
if (!utils.isNumber(scores[i])) {
return setImmediate(callback, new Error('[[error:invalid-score, ' + scores[i] + ']]'));
}
}
values = values.map(helpers.valueToString);
scores = scores.map(function (score) {
return parseFloat(score);
@@ -81,7 +88,9 @@ SELECT $1::TEXT, v, s
if (!Array.isArray(keys) || !keys.length) {
return callback();
}
if (!utils.isNumber(score)) {
return setImmediate(callback, new Error('[[error:invalid-score, ' + score + ']]'));
}
value = helpers.valueToString(value);
score = parseFloat(score);