fix: possible denial of service via a single (authenticated) request (#442)

Sainan 2024-07-01 12:26:38 +02:00 committed by GitHub
parent c778407a91
commit 543d94e88e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 5 deletions


@ -10,11 +10,13 @@ export const pushArchonCrystalUpgradeController: RequestHandler = async (req, re
if (suit) { if (suit) {
suit.ArchonCrystalUpgrades ??= []; suit.ArchonCrystalUpgrades ??= [];
const count = (req.query.count as number | undefined) ?? 1; const count = (req.query.count as number | undefined) ?? 1;
if (count >= 1 && count <= 10000) {
for (let i = 0; i != count; ++i) { for (let i = 0; i != count; ++i) {
suit.ArchonCrystalUpgrades.push({ UpgradeType: req.query.type as string }); suit.ArchonCrystalUpgrades.push({ UpgradeType: req.query.type as string });
} }
await inventory.save(); await inventory.save();
res.end(); res.end();
} }
}
res.status(400).end(); res.status(400).end();
}; };
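Review bot: The new range check `count >= 1 && count <= 10000` still admits non-integer values, and the loop condition `i != count` never becomes false for them, so the unbounded push this commit is meant to stop remains reachable. Express normally delivers `req.query.count` as a string (or an array) at runtime despite the `as number | undefined` cast, so the comparison runs on coerced input rather than a validated number. I would parse and validate first, `const count = Number(req.query.count ?? 1);` with `if (Number.isInteger(count) && count >= 1 && count <= 10000) {`, and bound the loop with `for (let i = 0; i < count; ++i) {`. The success path also appears to fall through to `res.status(400).end()` after `res.end()`, so a `return;` after `res.end()` looks needed; the handler starts outside the hunk, so confirm against the full function.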


@ -114,7 +114,7 @@
<div class="card-body"> <div class="card-body">
<p>You can use these unlimited slots to apply a wide range of upgrades.</p> <p>You can use these unlimited slots to apply a wide range of upgrades.</p>
<form class="input-group mb-3" onsubmit="doPushArchonCrystalUpgrade();return false;"> <form class="input-group mb-3" onsubmit="doPushArchonCrystalUpgrade();return false;">
<input type="number" id="archon-crystal-add-count" min="1" value="1" class="form-control" style="max-width:100px" /> <input type="number" id="archon-crystal-add-count" min="1" max="10000" value="1" class="form-control" style="max-width:100px" />
<span class="input-group-text">x</span> <span class="input-group-text">x</span>
<input class="form-control" list="datalist-archonCrystalUpgrades" /> <input class="form-control" list="datalist-archonCrystalUpgrades" />
<button class="btn btn-primary" type="submit">Add</button> <button class="btn btn-primary" type="submit">Add</button>