X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fmessages.js;h=9355ff92adbb263812aee52d83ef87d401a5a876;hb=51145f8c0e0595f195e26827e932306eb0083c10;hp=cd93b9fe5e23dc34475108610b9abdec7fa936a7;hpb=dac395887d96e2d642b209c6db6aaacc3ffacb34;p=vchess.git

diff --git a/server/routes/messages.js b/server/routes/messages.js
index cd93b9fe..9355ff92 100644
--- a/server/routes/messages.js
+++ b/server/routes/messages.js
@@ -1,23 +1,17 @@
-// Router for contact form sending
-
 let router = require("express").Router();
-const mailer = require(__dirname.replace("/routes", "/utils/mailer"));
+const access = require("../utils/access");
+const sendEmail = require(__dirname.replace("/routes", "/utils/mailer"));
 const params = require(__dirname.replace("/routes", "/config/parameters"));
 
 // Send a message through contact form
-router.post("/messages", (req,res,next) => {
-  if (!req.xhr)
-    return res.json({errmsg: "Unauthorized access"});
+router.post("/messages", access.ajax, (req,res) => {
   const from = req.body["email"];
-  const subject = req.body["subject"];
+  // Replace potential newline characters in subject
+  const subject = req.body["subject"].replace(/\r?\n|\r/g, " ");
   const body = req.body["content"];
 
-  // TODO: sanitize ?
-  mailer(from, params.mail.contact, subject, body, err => {
-    if (!!err)
-      return res.json({errmsg:err});
-    // OK, everything fine
-    res.json({}); //ignored
+  sendEmail(from, params.mail.contact, subject, body, err => {
+    res.json(err || {});
   });
 });