Dominic Harris 2022-03-14 20:48:23 -04:00
parent d02404eca2
commit aa7377ac03
No known key found for this signature in database
GPG Key ID: 93CCF85F3E2A4F65
3 changed files with 24 additions and 4 deletions


@ -63,7 +63,7 @@ async fn main() -> io::Result<()> {
.wrap(Governor::new(&paste_governor))
.service(get_paste)
.service(new_paste)
.service(get_raw_paste),
// .service(get_raw_paste),
)
})
.bind(address)?
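Review bot: The commented-out registration `// .service(get_raw_paste),` records no reason, and the handler stays in the codebase with its `#[get("/r/{id}")]` attribute, so a later cleanup could re-register the route without knowing why it was pulled. If this is the interim mitigation for the issue flagged by the TODO on `get_raw_paste`, say so on the line, e.g. `// get_raw_paste disabled until the issue noted on the handler is fixed; do not re-register without review`. Anything that still links to `/r/{id}` will presumably now get a 404, which is worth checking in the frontend. The `App` builder chain starts and ends outside this hunk.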


@ -96,6 +96,7 @@ pub async fn get_paste(state: web::Data<AppState>, id: web::Path<String>) -> imp
}
}
// TODO: Fix major vuln
#[get("/r/{id}")]
pub async fn get_raw_paste(state: web::Data<AppState>, id: web::Path<String>) -> impl Responder {
let id = id.into_inner();
@ -164,10 +165,29 @@ pub async fn new_paste(
Some(Utc::now() + Duration::days(state.config.pastes.days_til_expiration))
};
/*
.replace(/&/g, '&amp;')
.replace(/>/g, '&gt;')
.replace(/</g, '&lt;')
.replace(/"/g, '&quot;');
*/
// let cleaned = data
// .content
// .clone()
// .replace("&", "&amp;")
// .replace("<", "&lt;")
// .replace(">", "&gt;")
// .replace(r#"""#, "&quot;");
let cleaned = data
.content
.clone();
let res =
sqlx::query(r#"INSERT INTO pastes("id", "content", "expires_at") VALUES ($1, $2, $3)"#)
.bind(id.clone())
.bind(data.content.clone())
.bind(cleaned.clone())
.bind(expires_at)
.execute(&state.pool)
.await;
@ -177,7 +197,7 @@ pub async fn new_paste(
success: true,
data: NewPasteResponse {
id,
content: data.content.clone(),
content: cleaned,
},
}),
Err(e) => {
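Review bot: `let cleaned = data.content.clone();` is an unmodified copy because both escaping variants above it are commented out, so the INSERT and the `NewPasteResponse` still carry the paste exactly as submitted while the name says otherwise. A reader who trusts `cleaned` could skip output encoding downstream; name it for what it is, e.g. `let content = data.content.clone(); // stored verbatim, NOT escaped; encode at render time`, and drop the dead JavaScript and Rust `.replace` blocks. Escaping on write would also double-encode if a consumer escapes again, so encoding where the content is rendered (and serving the raw route as `text/plain`, if that is the issue behind `// TODO: Fix major vuln`) is likely the safer fix. The TODO should state what the vulnerability is and point to a tracking issue. `new_paste` starts and ends outside these hunks.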


@ -174,7 +174,7 @@ saveButton.click(function () {
addMessage(err["data"]["message"]);
} else {
window.history.pushState(null, null, `/~/${res["data"]["id"]}`);
viewPaste(editor.val(), "0");
viewPaste(res["data"]["content"], "0");
}
});
});
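Review bot: `viewPaste(res["data"]["content"], "0")` renders whatever the server returns, and in this commit the server returns the paste unescaped, so safety depends entirely on how `viewPaste` inserts its argument, which this hunk does not show. If it builds HTML, it has to encode the content or assign it through a text-only sink; a comment such as `// server returns content verbatim; viewPaste must insert it as text` would pin that contract. The call also assumes `res["data"]["content"]` is present on every success response. The click handler begins outside the hunk, and this note assumes the second `viewPaste` line is the new side.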