fix(report): verify that the userId is a secret id
There was a possibility to see the reports that are not anonymous by putting the login of the report created, and since the user login and secret id are saved in the same field, you get access.
estarossa0 committed Dec 16, 2021
1 parent a9e536f commit 7565510
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/pages/reports/[reportId].tsx
Expand Up @@ -10,6 +10,7 @@ import { useQuery } from "react-query";
import Title from "../../components/report/title";
import ReportDescription from "../../components/report/description";
import Comments from "../../components/report/comment";
import { validate as uuidValidate } from "uuid";

const Report = ({
reportId,
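Review bot: Style point on the new import line: `uuid` is a third-party package, but it is placed after the relative `../../components/...` imports, while the other package import visible here (`react-query`) sits above them. Moving it up next to the other package imports keeps the grouping consistent.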
Expand Down Expand Up @@ -56,7 +57,7 @@ const getServerSideProps: GetServerSideProps = async ({ req, query }) => {
req.headers as AxiosRequestHeaders,
).catch(() => null);

if (!report && query.userId)
if (!report && query.userId && uuidValidate(query.userId))
report = await getReport(
reportId,
query.userId.toString(),
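Review bot: In the new condition, `uuidValidate(query.userId)` checks the raw query value while the call below passes `query.userId.toString()`, so the value that is validated and the value that is used are not the same expression. Next.js types query values as `string | string[]` and `validate` expects a string, so normalize once (for example, reject the request unless `typeof query.userId === "string"`) and pass that same variable to both `uuidValidate` and `getReport`. Two further points. `validate` accepts a well-formed UUID of any version, so if secret ids are always generated as one version it is worth checking the version as well. And this is a format check in the page's `getServerSideProps`: going by the commit message, logins and secret ids share a field, so the fix holds only as long as a login can never be a valid UUID. If `getReport` calls a backend that can be reached without going through this page, the same distinction should be enforced there, and a test that requests a non-anonymous report with a login as `userId` would guard against regression.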