diff --git a/package-lock.json b/package-lock.json index 15e8d6a8..3f65e789 100644 --- a/package-lock.json +++ b/package-lock.json @@ -968,14 +968,6 @@ "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, - "emoji-strip": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/emoji-strip/-/emoji-strip-0.0.3.tgz", - "integrity": "sha1-Y+me/gygF0bm3qU1vGSnKkx+0cc=", - "requires": { - "gemoji": "0.1.2" - } - }, "encodeurl": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", @@ -1799,11 +1791,6 @@ "globule": "0.1.0" } }, - "gemoji": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/gemoji/-/gemoji-0.1.2.tgz", - "integrity": "sha1-EJIAGfOELmSO9BaMMBUD7ey9FJ4=" - }, "get-value": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/get-value/-/get-value-2.0.6.tgz", diff --git a/server/handlers/chat.js b/server/handlers/chat.js index d45e063e..4d11aee0 100644 --- a/server/handlers/chat.js +++ b/server/handlers/chat.js @@ -67,6 +67,8 @@ function chat(msg, guid, offline, socket) { return; } var coll = msg.channel.toLowerCase().replace(/ /g,''); + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) { if(userpass != "" || msg.pass == undefined) { msg.pass = userpass; @@ -118,7 +120,8 @@ function all_chat(msg, guid, offline, socket) { } var coll = msg.channel.toLowerCase().replace(/ /g,''); var data = msg.data; - + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); Functions.check_inlist(coll, guid, socket, offline); if(data !== "" && data !== undefined && data !== null && data.length < 151 && data.replace(/\s/g, '').length){ diff --git a/server/handlers/io.js b/server/handlers/io.js index 6f1e4569..702c1427 100644 --- a/server/handlers/io.js +++ b/server/handlers/io.js @@ -64,6 +64,8 @@ module.exports = function() { socketid = msg.socket_id; socket.zoff_id = socketid; coll = msg.channel.toLowerCase().replace(/ /g,''); + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); in_list = true; chromecast_object = true; socket.join(coll); @@ -156,6 +158,8 @@ module.exports = function() { offline = true; if(channel != "") coll = channel; if(coll !== undefined) { + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); db.collection("connected_users").findAndModify({ query: {"_id": coll}, @@ -254,7 +258,6 @@ module.exports = function() { } catch(e) { return; } - if(msg.hasOwnProperty("offline") && msg.offline) { offline = true; } @@ -396,6 +399,8 @@ module.exports = function() { socket.on("left_channel", function(msg) { if(msg.hasOwnProperty("channel") && msg.channel != "" && typeof(msg.channel) == "string") { coll = msg.channel.replace(/ /g,''); + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); List.left_channel(coll, guid, short_id, in_list, socket, false); } }) diff --git a/server/handlers/list.js b/server/handlers/list.js index 0c19e7ad..a360f3cc 100644 --- a/server/handlers/list.js +++ b/server/handlers/list.js @@ -47,6 +47,8 @@ function list(msg, guid, coll, offline, socket) { return; } coll = msg.channel.toLowerCase().replace(/ /g,''); + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); var pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64"); db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){ if(frontpage_lists.length == 1) { @@ -119,6 +121,7 @@ function skip(list, guid, coll, offline, socket) { return; } } + if(!list.hasOwnProperty("id") || !list.hasOwnProperty("channel") || typeof(list.id) != "string" || typeof(list.channel) != "string") { var result = { diff --git a/server/handlers/list_change.js b/server/handlers/list_change.js index 0da2d139..831ed281 100644 --- a/server/handlers/list_change.js +++ b/server/handlers/list_change.js @@ -469,6 +469,8 @@ function voteUndecided(msg, coll, guid, offline, socket) { return; } coll = msg.channel.toLowerCase().replace(/ /g,''); + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { if(adminpass != "" || msg.adminpass == undefined) { msg.adminpass = adminpass; @@ -533,7 +535,8 @@ function shuffle(msg, coll, guid, offline, socket) { return; } coll = msg.channel.toLowerCase().replace(/ /g,''); - + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { if(adminpass != "" || msg.adminpass == undefined) { msg.adminpass = adminpass; @@ -654,6 +657,8 @@ function delete_all(msg, coll, guid, offline, socket) { coll = msg.channel; } coll = coll.replace(/ /g,''); + coll = emojiStrip(coll).toLowerCase(); + coll = filter.clean(coll); Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { if(adminpass != "" || msg.adminpass == undefined) { msg.adminpass = adminpass;