Adds polyfill for regexp escaping. Sanitizes now quiz name inputs

parent e966833a
......@@ -76,7 +76,10 @@ class MemberDAO extends AbstractDAO<Array<MemberEntity>> {
if (members.length) {
this.updateEmitter.emit(DbEvent.Delete, members[0]);
QuizDAO.getQuizByName(members[0].currentQuizName).onMemberRemoved(members[0]);
const quiz = QuizDAO.getQuizByName(members[0].currentQuizName);
if (quiz) {
quiz.onMemberRemoved(members[0]);
}
}
}
......@@ -95,7 +98,8 @@ class MemberDAO extends AbstractDAO<Array<MemberEntity>> {
private notifyQuizDAO(member: MemberEntity): void {
const quiz = QuizDAO.getQuizByName(member.currentQuizName);
if (!quiz) {
console.error(`The quiz '${member.currentQuizName}' for the member ${member.name} could not be found`);
console.error(`The quiz '${member.currentQuizName}' for the member ${member.name} could not be found. Removing member.`);
DbDAO.deleteOne(DbCollection.Members, { _id: member.id });
return;
}
QuizDAO.getQuizByName(member.currentQuizName).onMemberAdded(member);
......
......@@ -204,7 +204,7 @@ class QuizDAO extends AbstractDAO<Array<IQuizEntity>> {
}
public getQuizByName(name: string): IQuizEntity {
return this.storage.find(val => !!val.name.trim().match(new RegExp(`^${name.trim()}$`, 'i')));
return this.storage.find(val => !!val.name.trim().match(new RegExp(RegExp.escape(`^${name.trim()}$`), 'i')));
}
public getExpiryQuizzes(): Array<IQuizEntity> {
......
/*
* @source https://github.com/benjamingr/RegExp.escape
*/
// tslint:disable-next-line
interface RegExpConstructor {
escape(string): string;
}
// this is a direct translation to code of the spec
if (!RegExp.escape) {
RegExp.escape = (S) => {
// 1. let str be ToString(S).
// 2. ReturnIfAbrupt(str).
const str = String(S);
// 3. Let cpList be a List containing in order the code
// points as defined in 6.1.4 of str, starting at the first element of str.
const cpList = Array.from(str[Symbol.iterator]());
// 4. let cuList be a new List
const cuList = [];
// 5. For each code point c in cpList in List order, do:
for (const c of cpList) {
// i. If c is a SyntaxCharacter then do:
if ('^$\\.*+?()[]{}|'.indexOf(c) !== -1) {
// a. Append "\" to cuList.
cuList.push('\\');
}
// Append c to cpList.
cuList.push(c);
}
// 6. Let L be a String whose elements are, in order, the elements of cuList.
// noinspection UnnecessaryLocalVariableJS
const L = cuList.join('');
// 7. Return L.
return L;
};
}
......@@ -25,6 +25,7 @@ import { staticStatistics } from './statistics';
import { LoadTester } from './tests/LoadTester';
require('source-map-support').install();
require('./lib/regExpEscape'); // Installing polyfill for RegExp.escape
Error.stackTraceLimit = Infinity;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment