diff options
| author | LarsVomMars | 2021-01-31 23:01:59 +0100 |
|---|---|---|
| committer | LarsVomMars | 2021-01-31 23:01:59 +0100 |
| commit | 5227cd0b0972ef74ced65bcab3c7704c5e0215fb (patch) | |
| tree | 81319fa9d4a0c93834e453de965d87d37e9667f9 /superadmin/index.js | |
| parent | aba35eae1aa7b41719fa1fb6f43c622d06bc745c (diff) | |
Should work
Diffstat (limited to 'superadmin/index.js')
| -rw-r--r-- | superadmin/index.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/superadmin/index.js b/superadmin/index.js index d80ac17..2518f97 100644 --- a/superadmin/index.js +++ b/superadmin/index.js @@ -9,7 +9,8 @@ app.use("/", checkSuperAdmin, express.static(__dirname + "/public")) app.post("/api/query", checkSuperAdmin, async (req, res) => { const { query } = req.body; let s; - if (!query || !query.toLowerCase().startsWith("select") || (s = query.split(";")).length > 1 && s[1] !== "") + const lc = query.toLowerCase(); + if (!query || !(lc.startsWith("select") || lc.startsWith("delete from") || lc.startsWith("update") || lc.startsWith("insert into")) || (s = query.split(";")).length > 1 && s[1] !== "") return res.status(403).json({ success: false }); try { const response = await db.query(query); |