Pengamanan terminal name bukan string pada topup

Adhidarma Hadiwinoto
1 parent f2be872ef8
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
lib/partner-listener/routers/topup.js
@@ -33,7 +33,8 @@ function onInvalidParameter(missingParameter, req, res) {
 function pagePrerequisite(req, res, next) {
     if (!req.body) req.body = {};
  
-    if (!req.body.terminal_name && !req.query.terminal_name) {
+    const terminalName = req.body.terminal_name || req.query.terminal_name;
+    if (!terminalName || typeof terminalName !== 'string') {
         onInvalidParameter('terminal_name', req, res);
         return;
     }
...	...	@@ -33,7 +33,8 @@ function onInvalidParameter(missingParameter, req, res) {
33	33	function pagePrerequisite(req, res, next) {
34	34	if (!req.body) req.body = {};
35	35
36		- if (!req.body.terminal_name && !req.query.terminal_name) {
	36	+ const terminalName = req.body.terminal_name \|\| req.query.terminal_name;
	37	+ if (!terminalName \|\| typeof terminalName !== 'string') {
37	38	onInvalidParameter('terminal_name', req, res);
38	39	return;
39	40	}