diff --git a/lib/wsapi/stage_email.js b/lib/wsapi/stage_email.js
index 76bca3b86b2e20b4268e2c53791db39c36228874..6ffe560eefd98102908f86946076a0643f99d083 100644
--- a/lib/wsapi/stage_email.js
+++ b/lib/wsapi/stage_email.js
@@ -24,10 +24,15 @@ exports.i18n = true;
 exports.process = function(req, res) {
 // validate
- // should do this one but it's failing for some reason
- sanitize(req.body.email).isEmail();
- sanitize(req.body.site).isOrigin();
-
+ try {
+ sanitize(req.body.email).isEmail();
+ sanitize(req.body.site).isOrigin();
+ } catch(e) {
+ var msg = "invalid arguments: " + e;
+ logger.warn("bad request received: " + msg);
+ return httputils.badRequest(resp, msg);
+ }
+
 db.lastStaged(req.body.email, function (err, last) {
 if (err) return wsapi.databaseDown(res, err);
diff --git a/lib/wsapi/stage_user.js b/lib/wsapi/stage_user.js
index ca1a3318c4eb194829e2a36fce08c628835be335..0408b7e76a53de41a380254feed56c9ae8282773 100644
--- a/lib/wsapi/stage_user.js
+++ b/lib/wsapi/stage_user.js
@@ -29,8 +29,14 @@ exports.process = function(req, resp) {
 wsapi.clearAuthenticatedUser(req.session);
 // validate
- sanitize(req.body.email).isEmail();
- sanitize(req.body.site).isOrigin();
+ try {
+ sanitize(req.body.email).isEmail();
+ sanitize(req.body.site).isOrigin();
+ } catch(e) {
+ var msg = "invalid arguments: " + e;
+ logger.warn("bad request received: " + msg);
+ return httputils.badRequest(resp, msg);
+ }
 db.lastStaged(req.body.email, function (err, last) {
 if (err) return wsapi.databaseDown(resp, err);
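Review bot: In lib/wsapi/stage_email.js the new catch block calls `httputils.badRequest(resp, msg)`, but this handler's response parameter is named `res` (see `function(req, res)` and `wsapi.databaseDown(res, err)` in the same hunk). Unless `resp` is defined elsewhere in the file, a validation failure raises a ReferenceError inside the catch instead of returning the 400, so malformed input still produces an unhandled exception. The line should read `return httputils.badRequest(res, msg);`. A request test that posts a malformed `email` or `site` and expects a 400 would catch this; the body of exports.process continues outside the hunk.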
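Review bot: The rejection message in lib/wsapi/stage_user.js (and the identical block in stage_email.js) is built from the caught exception, `"invalid arguments: " + e`, and that one string is written to the log and returned in the HTTP response. If the validator's exception text embeds the submitted value, which is not visible here, request-controlled text reaches the log unescaped, where embedded newlines can produce misleading entries, and is echoed back to the caller. Consider returning a fixed message such as `return httputils.badRequest(resp, "invalid arguments");` and logging a length-bounded, newline-stripped form of `e`. Both files also depend on `logger` and `httputils` being required at the top, outside these hunks, so that is worth confirming.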