description security and bug fixes

2016-08-13 17:33:12 -04:00 · 2016-08-13 17:33:12 -04:00 · 41a3c1bc16
commit 41a3c1bc16
parent 33c2b5e1c4
2 changed files with 8 additions and 11 deletions
--- a/hourglass/client/main/main.js
+++ b/hourglass/client/main/main.js
@ -68,7 +68,7 @@ Template.registerHelper('myClasses', () => {
    		}
    		return array;
    	}
-})
+});

 Template.main.helpers({
    schoolName() {
@ -402,4 +402,4 @@ function getHomeworkFormData() {

 function clearHomeworkForm() {
 	
-}
+}
--- a/hourglass/server/main.js
+++ b/hourglass/server/main.js
@ -160,9 +160,7 @@ Meteor.methods({
        }
    },
    'createWork': function(input) {
-        var ref = new Date();
-        var month = ref.getMonth + 1;
-        ref = new Date(ref.getFullYear() + "-" + month.toString() + "-" + ref.getDate()).getTime();
+        var ref = new Date().getTime();
        input.creator = Meteor.userId();
        work.schema.validate(input);
        var found = Meteor.findOne({
@ -175,7 +173,7 @@ Meteor.methods({
            found.banned.indexOf(Meteor.userId()) === -1 &&
            found.blockEdit.indexOf(Meteor.userId()) === -1 &&
            input.dueDate.getTime() >= ref && worktype.indexOf(type) != -1 &&
-            input.name.length <= 50) {
+            input.name.length <= 50 && input.description.length <= 150) {

            input.confirmations = [Meteor.userId()];
            input.reports = [];
@ -187,9 +185,7 @@ Meteor.methods({

    },
    'editWork': function(change) {
-        var ref = new Date();
-        var month = ref.getMonth + 1;
-        ref = new Date(ref.getFullYear() + "-" + month.toString() + "-" + ref.getDate()).getTime();
+        var ref = new Date().getTime();

        var currentclass = classes.findOne({
            _id: work.findOne({
@ -204,7 +200,7 @@ Meteor.methods({
                $set: change
            });
        } else if (authorized.indexOf(Meteor.userId()) != -1) {
-            if (change.name.length <= 50 && worktype.indexOf(type) != -1) {
+            if (change.name.length <= 50 && change.description.length <= 150 && worktype.indexOf(type) != -1) {
                Meteor.update({
                    _id: change._id
                }, {
@ -213,7 +209,8 @@ Meteor.methods({
                        dueDate: change.dueDate,
                        comments: change.comments,
                        attachments: change.attachments,
-                        type: change.type
+                        type: change.type,
+                        description: change.description
                    }
                });
            }