From 53c93df9e3ace638c7706001b3d8b5a8829bf4bb Mon Sep 17 00:00:00 2001 From: raphael Date: Tue, 25 Jun 2019 14:15:44 +0200 Subject: [PATCH] escape file upload fields --- server.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server.js b/server.js index 33f34f3..694e47d 100644 --- a/server.js +++ b/server.js @@ -89,7 +89,7 @@ app.post('/upload', function (req, res) { //File upload function progressUploadFormData(formData) { console.log("Progress new Form Data"); - var fields = formData.fields; + var fields = escapeAllContentStrings(formData.fields); var files = formData.files; var whiteboardId = fields["whiteboardId"]; @@ -122,7 +122,7 @@ io.on('connection', function (socket) { var whiteboardId = null; socket.on('disconnect', function () { - if(smallestScreenResolutions && smallestScreenResolutions[whiteboardId] && socket && socket.id) { + if (smallestScreenResolutions && smallestScreenResolutions[whiteboardId] && socket && socket.id) { delete smallestScreenResolutions[whiteboardId][socket.id]; } socket.broadcast.emit('refreshUserBadges', null); //Removes old user Badges