fix: escape QueryParam
All checks were successful
Build and Push Docker Image / Explore-Gitea-Actions (push) Successful in 54s
All checks were successful
Build and Push Docker Image / Explore-Gitea-Actions (push) Successful in 54s
This commit is contained in:
Tim
@@ -105,7 +105,9 @@ func HandleDeleteAccountPage(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
token := r.URL.Query().Get("token")
|
||||
|
||||
if token == "" {
|
||||
utils.DoRedirect(w, r, "/auth/verify")
|
||||
return
|
||||
@@ -212,7 +214,7 @@ func HandleSignUpComp(db *sql.DB) http.HandlerFunc {
|
||||
}
|
||||
|
||||
// Send verification email as a goroutine
|
||||
go sendVerificationEmail(db, r, userId.String(), email)
|
||||
go sendVerificationEmail(db, userId.String(), email)
|
||||
|
||||
utils.DoRedirect(w, r, "/auth/verify")
|
||||
}
|
||||
@@ -352,13 +354,13 @@ func HandleVerifyResendComp(db *sql.DB) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
go sendVerificationEmail(db, r, user.Id.String(), user.Email)
|
||||
go sendVerificationEmail(db, user.Id.String(), user.Email)
|
||||
|
||||
w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
|
||||
}
|
||||
}
|
||||
|
||||
func sendVerificationEmail(db *sql.DB, r *http.Request, userId string, email string) {
|
||||
func sendVerificationEmail(db *sql.DB, userId string, email string) {
|
||||
|
||||
var token string
|
||||
err := db.QueryRow("SELECT token FROM user_token WHERE user_uuid = ? AND type = 'email_verify'", userId).Scan(&token)
|
||||
|
||||
Reference in New Issue
Block a user