|
|
@@ -636,18 +636,20 @@ module.exports = function(crowi, app) {
|
|
|
|
|
|
//グループの生成
|
|
|
actions.userGroup.create = function(req, res) {
|
|
|
- var form = req.form.createGroupForm;
|
|
|
+ const form = req.form.createGroupForm;
|
|
|
if (req.form.isValid) {
|
|
|
- UserGroup.createGroupByName(form.userGroupName)
|
|
|
- .then((newUserGroup) => {
|
|
|
- req.flash('successMessage', newUserGroup.name);
|
|
|
- req.flash('createdUserGroup', newUserGroup);
|
|
|
- return res.redirect('/admin/user-groups');
|
|
|
- })
|
|
|
- .catch((err) => {
|
|
|
- debug('create userGroup error:', err);
|
|
|
- req.flash('errorMessage', '同じグループ名が既に存在します。');
|
|
|
- });
|
|
|
+ const userGroupName = req.sanitize(form.userGroupName);
|
|
|
+
|
|
|
+ UserGroup.createGroupByName(userGroupName)
|
|
|
+ .then((newUserGroup) => {
|
|
|
+ req.flash('successMessage', newUserGroup.name);
|
|
|
+ req.flash('createdUserGroup', newUserGroup);
|
|
|
+ return res.redirect('/admin/user-groups');
|
|
|
+ })
|
|
|
+ .catch((err) => {
|
|
|
+ debug('create userGroup error:', err);
|
|
|
+ req.flash('errorMessage', '同じグループ名が既に存在します。');
|
|
|
+ });
|
|
|
}
|
|
|
else {
|
|
|
req.flash('errorMessage', req.form.errors.join('\n'));
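Review bot: The value returned by `req.sanitize(form.userGroupName)` is passed to `UserGroup.createGroupByName` without being checked again, although `req.form.isValid` was evaluated on the raw input. If the sanitizer strips markup, a name consisting only of markup would presumably reach the model as an empty or altered string, so re-check it before the call, for example flash an error and then `if (!userGroupName) return res.redirect('/admin/user-groups');`. The same applies to `name` in `actions.userGroup.update` in the next hunk. Separately, the `.catch` handler flashes an error but sends no response in the visible lines, so a failed create appears to leave the request open unless code outside the hunk responds; adding `return res.redirect('/admin/user-groups');` there would mirror the success path. Input sanitising also does not replace escaping `newUserGroup.name` where the flash message is rendered, which is outside this hunk.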
|
|
|
@@ -658,8 +660,8 @@ module.exports = function(crowi, app) {
|
|
|
//
|
|
|
actions.userGroup.update = function(req, res) {
|
|
|
|
|
|
- var userGroupId = req.params.userGroupId;
|
|
|
- var name = req.body.name;
|
|
|
+ const userGroupId = req.params.userGroupId;
|
|
|
+ const name = req.sanitize(req.body.name);
|
|
|
|
|
|
UserGroup.findById(userGroupId)
|
|
|
.then((userGroupData) => {
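Review bot: `req.body.name` is read directly from the request body here, so it skips the `req.form` validation that the create handler relies on, and nothing in the visible lines confirms it is a string before `req.sanitize` is applied. Depending on the body parser, a client can presumably send an array or object under `name`, so a guard such as `if (typeof req.body.name !== 'string') return res.redirect('/admin/user-groups');` ahead of the sanitize call would make the assumption explicit. `userGroupId` from `req.params` likewise reaches `UserGroup.findById` unchecked. The rest of the handler lies outside the hunk, so a later check may already cover this; a short comment stating where the name is validated would help the next reader.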
|