Strange DUP Entry hack

author: LarsVomMars 2021-02-02 02:28:29 +0100
committer: LarsVomMars 2021-02-02 02:28:40 +0100
commit: c8bd0096e10ab28db6545753109244ca7fdcde6c (patch)
tree: 781fe1d202e4567d26f13f8e7ac8a8d8594314d9 /profile/index.js
parent: 80301283a7bbc58686ed7f8241ec4333d111cb9f (diff)
1 files changed, 27 insertions, 5 deletions
diff --git a/profile/index.js b/profile/index.js
index e73e00e..e3884d7 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -50,10 +50,21 @@ async function answer(req, res, qs) {
         for (const qid in req.body) {
             if (!req.body.hasOwnProperty(qid)) continue;
             const answer = req.body[qid];
+            const params = [answer, qid, req.session.uid];
             try {
-                await db.query(qs, [answer, qid, req.session.uid]);
+                await db.query(qs, params);
             } catch (e) {
-                console.error(e);
+                if (e.code === "ER_DUP_ENTRY") { // Fix strange POST behaviour
+                    try {
+                        await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", params);
+                    } catch (e) {
+                        console.error(e);
+                        return res.json({ success: false });
+                    }
+                } else {
+                    console.error(e);
+                    return res.json({ success: false });
+                }
             }
         }
         res.json({ success: true });
@@ -76,11 +87,22 @@ async function answerImage(req, res, qs) {
             if (!req.files.hasOwnProperty(fid)) continue;
             const image = req.files[fid];
             const name = `child_${req.session.uid}.jpg`;
+            const params = [name, fid, req.session.uid];
             try {
-                await image.mv(`${__dirname}/public/uploads/${name}`);
-                await db.query(qs, [name, fid, req.session.uid]);
+                await image.mv(`${__dirname}/public/uploads/${name}`); // Overwrite anyway - tbh we don't need update stmt
+                await db.query(qs, params);
             } catch (e) {
-                console.error(e);
+                if (e.code === "ER_DUP_ENTRY") { // Fix strange POST behaviour
+                    try {
+                        await db.query("UPDATE profile_answers SET answer = ? WHERE question_id = ? AND user_id = ?", params);
+                    } catch (e) {
+                        console.error(e);
+                        return res.json({ success: false });
+                    }
+                } else {
+                    console.error(e);
+                    return res.json({ success: false });
+                }
             }
         }
         res.json({ success: true });
author	LarsVomMars	2021-02-02 02:28:29 +0100
committer	LarsVomMars	2021-02-02 02:28:40 +0100
commit	c8bd0096e10ab28db6545753109244ca7fdcde6c (patch)
tree	781fe1d202e4567d26f13f8e7ac8a8d8594314d9 /profile/index.js
parent	80301283a7bbc58686ed7f8241ec4333d111cb9f (diff)