fix: escape QueryParam

2024-09-12 22:01:25 +02:00
parent 44e8595b41
commit ae75fce3ae
2 changed files with 10 additions and 5 deletions


@@ -105,7 +105,9 @@ func HandleDeleteAccountPage(db *sql.DB) http.HandlerFunc {
func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
token := r.URL.Query().Get("token")
if token == "" {
utils.DoRedirect(w, r, "/auth/verify")
return
@@ -212,7 +214,7 @@ func HandleSignUpComp(db *sql.DB) http.HandlerFunc {
}
// Send verification email as a goroutine
go sendVerificationEmail(db, r, userId.String(), email)
go sendVerificationEmail(db, userId.String(), email)
utils.DoRedirect(w, r, "/auth/verify")
}
@@ -352,13 +354,13 @@ func HandleVerifyResendComp(db *sql.DB) http.HandlerFunc {
return
}
go sendVerificationEmail(db, r, user.Id.String(), user.Email)
go sendVerificationEmail(db, user.Id.String(), user.Email)
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
}
}
func sendVerificationEmail(db *sql.DB, r *http.Request, userId string, email string) {
func sendVerificationEmail(db *sql.DB, userId string, email string) {
var token string
err := db.QueryRow("SELECT token FROM user_token WHERE user_uuid = ? AND type = 'email_verify'", userId).Scan(&token)