Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: escape, query params

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2025-06-09 10:23:00 -04:00
parent 806e54bf5a
commit b02eb57d06
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/controllers/admin/events.js
View File

@@ -1,5 +1,6 @@
'use strict'; 'use strict';
const validator = require('validator');
const db = require('../../database'); const db = require('../../database');
const events = require('../../events'); const events = require('../../events');
const pagination = require('../../pagination'); const pagination = require('../../pagination');
@@ -58,6 +59,12 @@ eventsController.get = async function (req, res) {
events: eventData, events: eventData,
pagination: pagination.create(page, pageCount, req.query), pagination: pagination.create(page, pageCount, req.query),
types: types, types: types,
query: req.query, query: {
start: validator.escape(String(req.query.start)),
end: validator.escape(String(req.query.end)),
username: validator.escape(String(req.query.username)),
group: validator.escape(String(req.query.group)),
perPage: validator.escape(String(req.query.perPage)),
},
}); });
}; };