-// Get one problem
-router.get("/problems/:vname([a-zA-Z0-9]+)/:pnum([0-9]+)", access.ajax, (req,res) => {
- const vname = req.params["vname"];
- const pnum = req.params["pnum"];
- ProblemModel.getOne(vname, pnum, (err,problem) => {
+function sanitizeUserInput(fen, instructions, solution)
+{
+ if (!fen.match(/^[a-zA-Z0-9, /-]*$/))
+ return "Bad characters in FEN string";
+ instructions = sanitizeHtml(instructions);
+ solution = sanitizeHtml(solution);
+ if (instructions.length == 0)
+ return "Empty instructions";
+ if (solution.length == 0)
+ return "Empty solution";
+ return {
+ fen: fen,
+ instructions: instructions,
+ solution: solution
+ };
+}
+
+// Get one problem (TODO: vid unused, here for URL de-ambiguification)
+router.get("/problems/:vid([0-9]+)/:id([0-9]+)", access.ajax, (req,res) => {
+ const pid = req.params["id"];
+ ProblemModel.getOne(pid, (err,problem) => {