X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fmessages.js;h=d96cbfa2dd7631267fb2a234a84462166b8b4d27;hb=99b7a14c6e01c53a49459c8d4681acf6abe635d8;hp=02ddec55e4716e69f808ed4b532100ad83ee3a5c;hpb=603b8a8b4a854efb168953da70e7b43ae99b50d9;p=vchess.git
diff --git a/server/routes/messages.js b/server/routes/messages.js
index 02ddec55..d96cbfa2 100644
--- a/server/routes/messages.js
+++ b/server/routes/messages.js
@@ -6,20 +6,19 @@ const params = require(__dirname.replace("/routes", "/config/parameters"));
 // Send a message through contact form
 router.post("/messages", (req,res,next) => {
- if (!req.xhr)
- return res.json({errmsg: "Unauthorized access"});
- console.log(req.body);
+ if (!req.xhr)
+ return res.json({errmsg: "Unauthorized access"});
 const from = req.body["email"];
- const subject = req.body["subject"];
- const body = req.body["content"];
+ // Replace potential newline characters in subject
+ const subject = req.body["subject"].replace(/\r?\n|\r/g, " ");
+ const body = req.body["content"]; //TODO: sanitize? Why? How?
- // TODO: sanitize ?
- mailer(from, params.mail.contact, subject, body, err => {
- if (!!err)
- return res.json({errmsg:err});
- // OK, everything fine
- res.json({}); //ignored
- });
+ mailer(from, params.mail.contact, subject, body, err => {
+ if (!!err)
+ return res.json({errmsg:err});
+ // OK, everything fine
+ res.json({}); //ignored
+ });
 });
 module.exports = router;
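Review bot: The CR/LF stripping is applied only to `subject`, while `from` (`req.body["email"]`) still reaches `mailer` unchanged, and `.replace` is called on `req.body["subject"]` without checking that it is a string, so a request with a missing or non-string subject throws inside the handler. How `mailer` uses `from` is not visible in this hunk, but if it is placed in a From or Reply-To header the same header-injection concern applies to it. I would validate both fields before use, e.g. `if (typeof req.body["email"] !== "string" || typeof req.body["subject"] !== "string") return res.json({errmsg: "Invalid input"});`, and treat line breaks in the address the same way as in the subject, `const from = req.body["email"].replace(/\r?\n|\r/g, " ");`. The `req.xhr` test only reflects a client-supplied X-Requested-With header, so it should not be relied on as an access control, and the open `//TODO: sanitize?` on `body` could be settled with a comment stating whether `mailer` sends the content as plain text.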