X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Fmodels%2FGame.js;h=1d2cd684c9f1cb9824892f304c963234e3c1b6a3;hb=6c7cbfedc6ecf2b49f6b1e27a174039e92a36365;hp=516c4bc52982b2c3a4237777772a23ee445160d2;hpb=b49527c46ed89115a253f2965e198d06c9a26e9a;p=vchess.git

diff --git a/server/models/Game.js b/server/models/Game.js
index 516c4bc5..1d2cd684 100644
--- a/server/models/Game.js
+++ b/server/models/Game.js
@@ -128,12 +128,13 @@ const GameModel =
     db.serialize(function() {
       let query =
         "SELECT id, vid, cadence, created, score, white, black " +
-        "FROM Games ";
-      if (uid > 0) query +=
-        "WHERE " +
-        "  created < " + cursor + " AND " +
-        "  white <> " + uid + " AND " +
-        "  black <> " + uid + " ";
+        "FROM Games " +
+        "WHERE created < " + cursor + " ";
+      if (uid > 0) {
+        query +=
+          "  AND white <> " + uid + " " +
+          "  AND black <> " + uid + " ";
+      }
       query +=
         "ORDER BY created DESC " +
         "LIMIT 20"; //TODO: 20 hard-coded...
@@ -309,7 +310,8 @@ const GameModel =
       ) && (
         !obj.rematchOffer || !!(obj.rematchOffer.match(/^[wbn]$/))
       ) && (
-        !obj.fen || !!(obj.fen.match(/^[a-zA-Z0-9, /-]*$/))
+        // TODO: check if commas are still used (probably not)
+        !obj.fen || !!(obj.fen.match(/^[a-zA-Z0-9,. /-]*$/))
       ) && (
         !obj.score || !!(obj.score.match(/^[012?*\/-]+$/))
       ) && (