diff --git a/routes/captcha.ts b/routes/captcha.ts index c5fc7a499ba..c1a194b6a7c 100644 --- a/routes/captcha.ts +++ b/routes/captcha.ts @@ -34,7 +34,7 @@ function captchas () { } captchas.verifyCaptcha = () => (req: Request, res: Response, next: NextFunction) => { - CaptchaModel.findOne({ where: { captchaId: req.body.captchaId } }).then((captcha: Captcha | null) => { + CaptchaModel.findOne({ where: { captchaId: Number(req.body.captchaId) } }).then((captcha: Captcha | null) => { if ((captcha != null) && req.body.captcha === captcha.answer) { next() } else { diff --git a/routes/likeProductReviews.ts b/routes/likeProductReviews.ts index 00bcb2f40f0..48c0712114f 100644 --- a/routes/likeProductReviews.ts +++ b/routes/likeProductReviews.ts @@ -28,7 +28,7 @@ module.exports = function productReviews () { () => { // Artificial wait for timing attack challenge setTimeout(function () { - db.reviews.findOne({ _id: id }).then((review: Review) => { + db.reviews.findOne({ _id: { $eq: id } }).then((review: Review) => { const likedBy = review.likedBy likedBy.push(user.data.email) let count = 0 diff --git a/routes/showProductReviews.ts b/routes/showProductReviews.ts index 7b61bc29bd1..c6ec4720f11 100644 --- a/routes/showProductReviews.ts +++ b/routes/showProductReviews.ts @@ -31,7 +31,7 @@ module.exports = function productReviews () { // Measure how long the query takes, to check if there was a nosql dos attack const t0 = new Date().getTime() - db.reviews.find({ $where: 'this.product == ' + id }).then((reviews: Review[]) => { + db.reviews.find({ product: { $eq: id } }).then((reviews: Review[]) => { const t1 = new Date().getTime() challengeUtils.solveIf(challenges.noSqlCommandChallenge, () => { return (t1 - t0) > 2000 }) const user = security.authenticatedUsers.from(req)