Skip to content

Commit

Permalink
Merge pull request #10 from wallymathieu/flohdot_master
Browse files Browse the repository at this point in the history 
Add escaping for bad platform string.
  • Loading branch information
@wallymathieu
wallymathieu authored Dec 11, 2017
2 parents 5f703eb + f37116a commit 1881f51
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/nuts.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ Nuts.prototype.onDownload = function(req, res, next) {
}

if (!asset) {
res.status(400).send("No download available for platform "+platform+" for version "+version.tag+" ("+(channel || "beta")+")");
res.status(400).send("No download available for platform "+_.escape(platform)+" for version "+version.tag+" ("+(channel || "beta")+")");
return;
}

Expand All @@ -215,7 +215,7 @@ Nuts.prototype.onUpdateRedirect = function(req, res, next) {
if (!req.query.version) throw new Error('Requires "version" parameter');
if (!req.query.platform) throw new Error('Requires "platform" parameter');

return res.redirect('/update/'+req.query.platform+'/'+req.query.version);
return res.redirect('/update/'+_.escape(req.query.platform)+'/'+_.escape(req.query.version));
})
.fail(next);
};
Expand Down

0 comments on commit 1881f51

Please sign in to comment.