sanitize challenge update

Tyler Renelle
2013-11-04 12:19:40 -08:00
parent 15d9e33252
commit 3e6eaf6f2f


@@ -156,8 +156,8 @@ api.update = function(req, res){
// Update the challenge, since syncing will need the updated challenge. But store `before` we're going to do some
// before-save / after-save comparison to determine if we need to sync to users
before = _before;
delete req.body._id;
Challenge.findByIdAndUpdate(cid, {$set:req.body}, cb); //FIXME sanitize
var attrs = _.pick(req.body, 'name shortName description habits dailys todos rewards date'.split(' '));
Challenge.findByIdAndUpdate(cid, {$set:attrs}, cb);
},
function(saved, cb) {
// after saving, we're done as far as the client's concerned. We kick of syncing (heavy task) in the background
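Review bot: The `_.pick` allowlist filters only the top-level keys of `req.body`, so `habits`, `dailys`, `todos` and `rewards` are still passed to `$set` exactly as the client sent them. Unless the Challenge schema casts or strips fields inside those task arrays (not visible in this hunk), per-task content is written unchecked, and `findByIdAndUpdate` by default does not go through the save-time validators or middleware. Consider validating or picking the allowed per-task fields before the update as well. A short comment above the list, such as `// allowlist of client-editable challenge fields; anything not named here must never come from req.body`, would record why the list exists and discourage extending it casually. The enclosing `api.update` function starts and ends outside this hunk, so any authorization check on the requester cannot be confirmed from here.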