mongodb 注入漏洞

alsotang · alsotang · commit 0f6cc14f6bcb · 2015-05-05T19:43:36.000+08:00
diff --git a/controllers/sign.js b/controllers/sign.js
@@ -171,8 +171,8 @@ exports.signout = function (req, res, next) {
 };
 
 exports.active_account = function (req, res, next) {
-  var key = req.query.key;
-  var name = req.query.name;
+  var key = validator.trim(req.query.key);
+  var name = validator.trim(req.query.name);
 
   User.getUserByLoginName(name, function (err, user) {
     if (err) {
@@ -238,8 +238,8 @@ exports.updateSearchPass = function (req, res, next) {
  * @param  {Function} next
  */
 exports.reset_pass = function (req, res, next) {
-  var key = req.query.key;
-  var name = req.query.name;
+  var key = validator.trim(req.query.key);
+  var name = validator.trim(req.query.name);
   User.getUserByNameAndKey(name, key, function (err, user) {
     if (!user) {
       res.status(403);
