Add note input sanitization for voucher creation

Sanitize note input and limit its length to 255 characters before creating the voucher code.
2026-03-31 06:24:00 -04:00 · 2025-12-28 02:09:07 +01:00
parent a361770aee
commit e6a5d56f4c
1 changed files with 21 additions and 1 deletions
--- a/controllers/api.js
+++ b/controllers/api.js
@@ -180,8 +180,28 @@ module.exports = {
                return;
            }

+            // Prepare optional note (sanitize to avoid breaking internal separator format)
+            let noteInput = '';
+            if(typeof req.body.note !== 'undefined' && req.body.note !== null) {
+                if(typeof req.body.note !== 'string') {
+                    res.status(400).json({
+                        error: 'Invalid Note!',
+                        data: {}
+                    });
+                    return;
+                }
+
+                // Remove any existing internal separators to prevent format breakage
+                noteInput = req.body.note.replace(/\|\|;;\|\|/g, ' ');
+                // Optionally, trim and limit length to a reasonable value (e.g. 255 chars)
+                noteInput = noteInput.trim().slice(0, 255);
+            }
+
+            // Build the note string expected by utils/notes.js
+            const finalNote = `${noteInput}||;;||api||;;||local||;;||`;
+
            // Create voucher code
-            const voucherCode = await unifi.create(types(req.body.type, true), 1, `||;;||api||;;||local||;;||`).catch((e) => {
+            const voucherCode = await unifi.create(types(req.body.type, true), 1, finalNote).catch((e) => {
                res.status(500).json({
                    error: e,
                    data: {}