express-validator · SirensOfTitan · Jul 30, 2012 · Aug 3, 2012 · Sep 15, 2012 · Sep 15, 2012
diff --git a/lib/express_validator.js b/lib/express_validator.js
@@ -30,18 +30,40 @@ var validator = new Validator();
 var expressValidator = function(req, res, next) {
 
   req.updateParam = function(name, value) {
-    // route params like /user/:id
-    if (this.params && this.params.hasOwnProperty(name) &&
-        undefined !== this.params[name]) {
-      return this.params[name] = value;
-    }
-    // query string params
-    if (undefined !== this.query[name]) {
-      return this.query[name] = value;
-    }
-    // request body params via connect.bodyParser
-    if (this.body && undefined !== this.body[name]) {
-      return this.body[name] = value;
+    var updateList;
+
+    if (name.length > 1) {
+      if (this.params && this.params.hasOwnProperty(name[0])) {
+        updateList = this.params;
+      } else if (this.body && undefined !== this.body[name[0]]) {
+        updateList = this.body;
+      }
+
+      if (typeof updateList !== 'undefined') {
+        name.map(function(item, index) {
+          if (index == (name.length - 1)) {
+            return updateList[item] = value;
+          } else {
+            updateList = updateList[item];
+          }
+        });
+      }
+    } else {
+      name = name[0];
+
+      // route params like /user/:id
+      if (this.params && this.params.hasOwnProperty(name) &&
+          undefined !== this.params[name]) {
+        return this.params[name] = value;
+      }
+      // query string params
+      if (undefined !== this.query[name]) {
+        return this.query[name] = value;
+      }
+      // request body params via connect.bodyParser
+      if (this.body && undefined !== this.body[name]) {
+        return this.body[name] = value;
+      }
     }
     return false;
   };
@@ -124,12 +146,30 @@ var expressValidator = function(req, res, next) {
   req.filter = function(param) {
     var self = this;
     var filter = new Filter();
+    var value;
+
+    if (!Array.isArray(param)) {
+      param = typeof param === 'number' ?
+        [param] : param.split('.').filter(function(e) {
+          return e !== '';
+        });
+    }
+
+    // Extract value from params
+    param.map(function(item) {
+        if (value === undefined) {
+          value = req.param(item);
+        } else {
+          value = value[item];
+        }
+    });
+
     filter.modify = function(str) {
       this.str = str;
       // Replace the param with the filtered version
       self.updateParam(param, str);
     };
-    return filter.sanitize(this.param(param));
+    return filter.sanitize(value);
   };
 
   // Create some aliases - might help with code readability
@@ -141,4 +181,4 @@ var expressValidator = function(req, res, next) {
 };
 module.exports = expressValidator;
 module.exports.Validator = Validator;
-module.exports.Filter = Filter;
+module.exports.Filter = Filter;
diff --git a/test/sanitize.js b/test/sanitize.js
@@ -0,0 +1,72 @@
+var assert = require('assert');
+var async = require('async');
+
+var App = require('./helpers/app');
+var req = require('./helpers/req');
+
+var port = process.env.NODE_HTTP_PORT || 8888;
+var url = 'http://localhost:' + port;
+
+var validation = function(req, res) {
+  req.sanitize(['user', 'email']).trim();
+  req.sanitize('user.name').trim();
+  req.sanitize('field').trim();
+
+  req.assert(['user', 'email'], 'length').len(16);
+  req.assert(['user', 'name'], 'length').len(10);
+  req.assert('field', 'length').len(5);
+
+  var errors = req.validationErrors();
+  if (errors) {
+    res.json(errors);
+    return;
+  }
+
+  res.json(req.body);
+};
+
+var app = new App(port, validation);
+app.start();
+
+function fail(body) {
+  assert.deepEqual(body[0].msg, 'length');
+  assert.deepEqual(body[1].msg, 'length');
+  assert.deepEqual(body[2].msg, 'length');
+}
+
+function pass(body) {
+  assert.deepEqual(body, {
+    user: {
+      email: 'test@example.com',
+      name: 'John Smith'
+    },
+    field: 'field'
+  });
+}
+
+var tests = [
+  async.apply(req, 'post', url + '/', {
+    json: {
+      user: {
+        email: '     test@example.com     ',
+        name: '     John Smith     '
+      },
+      field: '     field     '
+    }
+  }, pass),
+  async.apply(req, 'post', url + '/', {
+    json: {
+      user: {
+        email: '',
+        name: ''
+      },
+      field: ''
+    }
+  }, fail)
+];
+
+async.parallel(tests, function(err) {
+  assert.ifError(err);
+  app.stop();
+  console.log('All %d tests passed.', tests.length);
+})