X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=0302b1c05c96f1a8def94851748445eaeed20d0a;hb=a749972cf93fd021dda11389753ae4985ff61b42;hp=abe987cd2e3909d63b43d3553d5ad63ce27751e8;hpb=99b7a14c6e01c53a49459c8d4681acf6abe635d8;p=vchess.git

diff --git a/server/routes/users.js b/server/routes/users.js
index abe987cd..0302b1c0 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -33,7 +33,7 @@ router.get("/whoami", access.ajax, (req,res) => {
 // NOTE: this method is safe because only IDs and names are returned
 router.get("/users", access.ajax, (req,res) => {
   const ids = req.query["ids"];
-  if (!ids.match(/^([0-9]+,?)+$/)) //NOTE: slightly too permissive
+  if (!!ids && !ids.match(/^([0-9]+,?)+$/)) //NOTE: slightly too permissive
     return res.json({errmsg: "Bad IDs array"});
   UserModel.getByIds(ids, (err,users) => {
     if (!!err)
@@ -51,9 +51,11 @@ function setAndSendLoginToken(subject, to, res)
     if (!!err)
       return res.json({errmsg: err.toString()});
     const body =
-      "Hello " + to.name + "!\\n" +
+      "Hello " + to.name + "!" + `
+` +
       "Access your account here: " +
-      params.siteURL + "/#/authenticate/" + token + "\\n" +
+      params.siteURL + "/#/authenticate/" + token + `
+` +
       "Token will expire in " + params.token.expire/(1000*60) + " minutes."
     sendEmail(params.mail.noreply, to.email, subject, body, err => {
       res.json(err || {});