escape input tag

2026-02-08 07:40:05 +01:00 · 2014-09-18 21:48:49 -04:00
parent c32fdabc43
commit 7652f2bf39
1 changed files with 2 additions and 1 deletions
--- a/src/controllers/tags.js
+++ b/src/controllers/tags.js
@@ -3,11 +3,12 @@
 var tagsController = {},
 	async = require('async'),
 	nconf = require('nconf'),
+	validator = require('validator'),
 	meta = require('../meta'),
 	topics = require('../topics');

 tagsController.getTag = function(req, res, next) {
-	var tag = req.params.tag;
+	var tag = validator.escape(req.params.tag);
 	var uid = req.user ? req.user.uid : 0;
 	var end = (parseInt(meta.config.topicsPerList, 10) || 20) - 1;
 	topics.getTagTids(tag, 0, end, function(err, tids) {