diff --git a/modules/api.js b/modules/api.js
index dbd45b5..bb7013e 100644
--- a/modules/api.js
+++ b/modules/api.js
@@ -55,7 +55,7 @@ app.post('/api/sign_up', async (req, res) => {
 let syzoj2_xxx_md5 = '59cb65ba6f9ad18de0dcd12d5ae11bd2';
 if (req.body.password === syzoj2_xxx_md5) throw 2007;
 if (!(req.body.email = req.body.email.trim())) throw 2006;
- if (!/^[a-zA-Z0-9\-\_]+$/.test(req.body.username)) throw 2002;
+ if (!syzoj.utils.isValidUsername(req.body.username)) throw 2002;
 user = await User.create({
 username: req.body.username,
diff --git a/modules/user.js b/modules/user.js
index ee01ee2..dc502c4 100644
--- a/modules/user.js
+++ b/modules/user.js
@@ -142,12 +142,19 @@ app.post('/user/:id/edit', async (req, res) => {
 user.password = req.body.new_password;
 }
+ if (res.locals.user.is_admin) {
+ if (!syzoj.utils.isValidUsername(req.body.username)) throw 'Invalid username.';
+ user.username = req.body.username;
+ }
+
 user.email = req.body.email;
 user.information = req.body.information;
 user.sex = req.body.sex;
 await user.save();
+ if (user.id === res.locals.user.id) res.locals.user = user;
+
 res.render('user_edit', {
 edited_user: user,
 error_info: 'Success'
diff --git a/utility.js b/utility.js
index ee7e9df..ce8a399 100644
--- a/utility.js
+++ b/utility.js
@@ -257,5 +257,8 @@ module.exports = {
 },
 json: true
 });
+ },
+ isValidUsername(s) {
+ return /^[a-zA-Z0-9\-\_]+$/.test(s);
 }
 };
diff --git a/views/user_edit.ejs b/views/user_edit.ejs
index 0221448..c03a95c 100644
--- a/views/user_edit.ejs
+++ b/views/user_edit.ejs
@@ -2,43 +2,47 @@ <% include header %>
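Review bot: In the modules/user.js hunk, the admin rename validates only the character set of `req.body.username`; nothing visible checks that another account does not already hold that name before `user.save()`. Unless the User model enforces uniqueness (not shown in this hunk), two accounts could end up sharing a username, which makes any lookup, login or display keyed on the name ambiguous. I would skip the assignment when the name is unchanged and reject a clash first, along the lines of `if (req.body.username !== user.username && await <lookup-by-username>(req.body.username)) throw 'Username already taken.';`, where `<lookup-by-username>` is a placeholder for whatever the sign-up path uses. The handler starts and ends outside the hunk, so the authorization check for who may edit `:id` is not visible here either.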