kjao/archive
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

relaxes security on editProfile in order to fix #80

Browse Source
This commit is contained in:
Yaman Qalieh 2016-09-01 07:15:17 -04:00
parent acb0b23d38
commit bd4f6017c8
1 changed files with 9 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
hourglass/server/main.js
View File

@ -472,26 +472,17 @@ Meteor.methods({
current.avatar = change.avatar; current.avatar = change.avatar;
current.banner = change.banner; current.banner = change.banner;
current.preferences = change.preferences; current.preferences = change.preferences;
if (schools.findOne({
name: current.school
}) !== null &&
Number.isInteger(current.grade) &&
current.grade >= 9 && current.grade <= 12) {
if (current.description && current.description.length > 50) { if (current.description && current.description.length > 50) {
current.description = current.description.slice(0, 50); current.description = current.description.slice(0, 50);
}
Meteor.users.update({
_id: Meteor.userId()
}, {
$set: {
profile: current
}
});
return true;
} else {
throw new Meteor.Error("unauthorized", "You are not authorized to complete this action.");
} }
Meteor.users.update({
_id: Meteor.userId()
}, {
$set: {
profile: current
}
});
}, },
'createProfile': function(userId) { 'createProfile': function(userId) {
var current = Meteor.users.findOne({ var current = Meteor.users.findOne({