From 5c13c6a972ef4c07c5f35b417916e0598af9e123 Mon Sep 17 00:00:00 2001
From: Nymokrit
Date: Thu, 28 Jan 2021 10:30:01 +0100
Subject: [PATCH] Update passport.js FIXES: SQLInjection Vulnerability in Login
---
 app/config/passport.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/config/passport.js b/app/config/passport.js
index c317814..138ff40 100644
--- a/app/config/passport.js
+++ b/app/config/passport.js
@@ -25,7 +25,7 @@ module.exports = function (passport) {
 // used to deserialize the user
 passport.deserializeUser(function (id, done) {
- connection.query("select * from users where id = " + id, function (err, rows) {
+ connection.query("select * from users where id = ?", [id], function (err, rows) {
 done(err, rows[0]);
 });
 });
@@ -46,7 +46,7 @@ module.exports = function (passport) {
 function (req, email, password, done) {
 // find a user whose email is the same as the forms email
 // we are checking to see if the user trying to login already exists
- connection.query("select * from users where email = '" + email + "'", function (err, rows) {
+ connection.query("select * from users where email = ?" + [email], function (err, rows) {
 if (err) {return done(err);}
 if (rows.length) {
 req.signUpMessage = 'Diese e-Mail ist bei uns bereits registriert';
@@ -84,7 +84,7 @@ module.exports = function (passport) {
 passReqToCallback: true // allows us to pass back the entire request to the callback
 },
 function (req, email, password, done) { // callback with email and password from our form
- connection.query("SELECT * FROM `users` WHERE `email` = '" + email + "'", function (err, rows) {
+ connection.query("SELECT * FROM `users` WHERE `email` = ?", [email], function (err, rows) {
 if (err) {return done(err);}
 if (!rows.length) {
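Review bot: In the first hunk, `done(err, rows[0]);` inside the `deserializeUser` callback indexes `rows` even when the query reports an error. If the driver leaves `rows` undefined on failure (typical, but not visible here), the callback throws instead of handing the error to Passport, so a database fault during session lookup could surface as an uncaught exception. I would guard it the same way the other two callbacks do: `if (err) { return done(err); }` followed by `done(null, rows[0]);`.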
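Review bot: The new signup query in the second hunk, `"select * from users where email = ?" + [email]`, joins the array to the SQL text with `+` instead of passing it as the values argument. As a result `email` is still concatenated into the statement and nothing is bound to the `?`, so the injection this commit sets out to fix remains on the signup path and the duplicate-email check no longer runs a valid query. The line should read `connection.query("select * from users where email = ?", [email], function (err, rows) {`, matching the first and third hunks. Separately, if `connection` is the `mysql` driver (not visible here), a placeholder only produces a quoted string when the value is a string, so rejecting a non-string `email` before the query is worth adding here and in the login strategy. The callback body continues outside the hunk.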