Sanitize user input seed.

This commit is contained in:
lucaswadedavis 2016-12-16 19:24:17 -08:00
parent b517805b1b
commit 64e0bbab47
2 changed files with 4 additions and 2 deletions

View file

@ -21,6 +21,7 @@
"chance": "^1.0.4", "chance": "^1.0.4",
"express": "^4.14.0", "express": "^4.14.0",
"node-gyp": "^3.4.0", "node-gyp": "^3.4.0",
"sanitize-filename": "^1.6.1",
"uuid": "^3.0.1" "uuid": "^3.0.1"
} }
} }

View file

@ -1,6 +1,7 @@
var fs = require('fs'); var fs = require('fs');
var express = require('express'); var express = require('express');
var uuid = require('uuid/v4'); var uuid = require('uuid/v4');
var sanitize = require('sanitize-filename');
var Canvas = require('canvas'); var Canvas = require('canvas');
var Fox = require('./js/fox.js'); var Fox = require('./js/fox.js');
@ -54,9 +55,9 @@ app.get('/:width', function(req, res) {
app.get('/:width/:seed', function(req, res) { app.get('/:width/:seed', function(req, res) {
var width = parseInt(req.params.width); var width = parseInt(req.params.width);
var seed = req.params.seed; var seed = sanitize(req.params.seed);
if (width === undefined) width = 400; if (width === undefined) width = 400;
if (seed === undefined) seed = uuid(); if (!seed) seed = uuid();
var fileName = writeFoxToDisk(width, width, seed); var fileName = writeFoxToDisk(width, width, seed);
res.send('<img src="/' + fileName + '"/>'); res.send('<img src="/' + fileName + '"/>');
}); });