Almost finished problems logic. TODO: showProblem() part
[vchess.git] / routes / all.js
index f3e184e..b1e0fda 100644 (file)
@@ -28,6 +28,7 @@ router.get("/:vname([a-zA-Z0-9]+)", (req,res,next) => {
                                return next(err);
                        if (!variant || variant.length==0)
                                return next(createError(404));
+                       // TODO (later...) get only n=100(?) most recent problems
                        db.all("SELECT * FROM Problems WHERE variant='" + vname + "'",
                                (err2,problems) => {
                                        if (!!err2)
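Review bot: The query on the line after the new TODO comment is still built by string concatenation (`"SELECT * FROM Problems WHERE variant='" + vname + "'"`), while the insert further down in this file already uses a prepared statement with `?` placeholders. The route pattern in the hunk header limits `vname` to `[a-zA-Z0-9]+`, which keeps this case from being exploitable today, but the safety then depends on a regex in another line rather than on the query itself; binding the value is both safer and consistent: `db.all("SELECT * FROM Problems WHERE variant = ?", [vname], (err2,problems) => {`. The handler (and the definition of `vname`) begins and ends outside this hunk.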
@@ -55,6 +56,9 @@ router.get("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
        if (!req.xhr)
                return res.json({errmsg: "Unauthorized access"});
        // TODO: next or previous: in params + timedate (of current oldest or newest)
+       db.serialize(function() {
+               //TODO
+       });
 });
 
 // Upload a problem (AJAX)
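Review bot: The new `db.serialize(function() { //TODO });` block sends nothing, so any XHR request to this route (the `!req.xhr` early return does not apply) now hangs until the client gives up, whereas before the handler simply fell through. Until the pagination query is written, the placeholder should still answer, e.g. `res.json({problems: []}); // TODO: paginate by timestamp`, so the endpoint stays responsive and the client can be developed against it. Separately, the `!req.xhr` guard only checks a client-supplied header, so it should not be read as authorization despite the `"Unauthorized access"` message; the same applies to the POST handler in the next hunk.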
@@ -62,10 +66,13 @@ router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
        if (!req.xhr)
                return res.json({errmsg: "Unauthorized access"});
        const vname = req.params["variant"];
-       
-       // TODO: get parameters and sanitize them
-       sanitizeHtml(req.body["fen"]); // [/a-z0-9 ]*
-       sanitizeHtml(req.body["instructions"]);
+       const timestamp = Date.now();
+       // Sanitize them
+       const fen = req.body["fen"];
+       if (!fen.match(/^[a-zA-Z0-9 /]*$/))
+               return res.json({errmsg: "Bad characters in FEN string"});
+       const instructions = sanitizeHtml(req.body["instructions"]);
+       const solution = sanitizeHtml(req.body["solution"]);
        db.serialize(function() {
                let stmt = db.prepare("INSERT INTO Problems VALUES (?,?,?,?,?)");
                stmt.run(timestamp, vname, fen, instructions, solution);
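Review bot: The new FEN check at `const fen = req.body["fen"]; if (!fen.match(...))` assumes `fen` is a string: a request body with no `fen`, or with `fen` as an array or object (which a JSON or extended-urlencoded body parser can produce), makes `fen.match` throw a TypeError instead of returning the intended error message. The regex also uses `*`, so an empty FEN passes validation and is inserted as is. A type-checked version of the two lines: `if (typeof fen !== "string" || !/^[a-zA-Z0-9 \/]+$/.test(fen))` followed by the existing `return res.json({errmsg: "Bad characters in FEN string"});`. The same `typeof` check is advisable on `req.body["instructions"]` and `req.body["solution"]` before they reach `sanitizeHtml`, unless it is confirmed that the library tolerates non-string input. The handler continues past this hunk into the next one.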
@@ -74,5 +81,4 @@ router.post("/problems/:variant([a-zA-Z0-9]+)", (req,res) => {
   res.json({});
 });
 
-
 module.exports = router;