From 6b86ab022382ea1f9e4e65d144dff1c1d057026a Mon Sep 17 00:00:00 2001
From: Mystikfluu <Mystikfluu@gmail.com>
Date: Sat, 4 Jun 2022 13:58:30 +0200
Subject: [PATCH] better input validation for post endpoint

---
 server.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/server.js b/server.js
index 2697ffd..4c7a5d8 100644
--- a/server.js
+++ b/server.js
@@ -351,6 +351,14 @@ router.get("/api/getotheruser",async function(req,res) {
 })
 
 router.post("/api/post", async function(req,res) {
+  if(!req.body.message) {
+    res.json({"error":"no message to post"})
+    return
+  }
+  if((typeof req.body.message) != "string") {
+    res.json({"error":"no message to post"})
+    return
+  }
   req.body.message = encodeURIComponent(req.body.message.trim())
   if(!req.body.message) {
     res.json({"error":"no message to post"})