From bcedf1201e8d7f0be6ba9fa0f93229cb03b58e7c Mon Sep 17 00:00:00 2001
From: Nils G <nils.gondermann@ruhr-uni-bochum.de>
Date: Wed, 15 Apr 2020 13:11:35 +0200
Subject: [PATCH] Sanitize room code and user name server-side

---
 controllers/player.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/controllers/player.py b/controllers/player.py
index 2e7db04..ef0ca86 100644
--- a/controllers/player.py
+++ b/controllers/player.py
@@ -15,6 +15,9 @@ def create():
     room_code = parameters["room_code"]
     user_name = parameters["user_name"]
 
+    room_code = ''.join(c for c in room_code if c.isalnum())
+    user_name = ''.join(c for c in user_name if c.isalnum())
+
     if (len(room_code) != 4) or (len(user_name) == 0) or (len(user_name) > 15):
         return(FAIL(CODE_SEMANTIC))
 
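Review bot: The two added filters in create() silently rewrite the input instead of rejecting it, so a `room_code` of `a-b-c-d` passes the length check as `abcd`, and distinct user names such as `al ice` and `alice` collapse to the same stored value; returning `FAIL(CODE_SEMANTIC)` whenever a character would be dropped keeps the client's view and the server's view of the name in agreement. `str.isalnum()` is also Unicode-aware, so non-ASCII letters and digits (including visually confusable ones) still pass; if these fields are meant to be ASCII, a stricter check such as `if not (room_code.isascii() and room_code.isalnum()): return(FAIL(CODE_SEMANTIC))` (Python 3.7+) states that explicitly. Both comprehensions assume the parameters are strings, and a non-string value would raise before the length check, though how `parameters` is parsed is not visible here. Input filtering also does not replace output encoding or parameterized queries wherever these values are used later, which lies outside this hunk along with the rest of create().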
-- 
GitLab