From 8e6fb934e0a36d66c9a8f6d59a2f9fbec1abd329 Mon Sep 17 00:00:00 2001
From: Fabien Zucchet <fabien.zucchet@student-cs.fr>
Date: Tue, 2 Mar 2021 13:33:22 +0100
Subject: [PATCH] Try to fix SQL injections

---
 back/src/controllers/administrateur.controller.js | 2 +-
 back/src/index.js                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/back/src/controllers/administrateur.controller.js b/back/src/controllers/administrateur.controller.js
index f9a1973e..b8257179 100644
--- a/back/src/controllers/administrateur.controller.js
+++ b/back/src/controllers/administrateur.controller.js
@@ -30,7 +30,7 @@ function getAdministrateurs(req, res) {
 
 function addNewAdministrateur(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Admin` (`login`) VALUES (?)";
+  var query = "INSERT INTO `Admin` (`login`) VALUES (?);";
   var inserts = [req.body.login];
   con.connect();
   con.query(query, inserts, (err, result) => {
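Review bot: The value bound to the `?` placeholder is taken straight from `req.body.login` at `var inserts = [req.body.login];` with no type check. The statement was already parameterised before this commit, and the added `;` does not change how the value is escaped. Because index.js enables `express.json()`, the field can arrive as an object or array; if `mysql` here is the mysqljs driver, its placeholder formatting expands such values into several SQL tokens instead of one string literal. I would reject anything but a non-empty string before building `inserts`, e.g. `if (typeof req.body.login !== 'string' || req.body.login.length === 0) return res.status(400).end();`. The body of `addNewAdministrateur` continues past the hunk, so its error handling and connection cleanup cannot be judged from here.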
diff --git a/back/src/index.js b/back/src/index.js
index c18c10b7..e987dcb4 100644
--- a/back/src/index.js
+++ b/back/src/index.js
@@ -15,7 +15,7 @@ app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
 
 app.use('/api', apiRouter);
-app.use('/api/admin', apiAdminRouter);
+app.use('/api/admin', oauth.authMiddleware, apiAdminRouter);
 
 app.get('/api/login', function (req, res) {
   res.redirect(oauth.getRedirectURI());
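Review bot: `oauth.authMiddleware` is attached only to the second mount, while `app.use('/api', apiRouter);` is still registered ahead of it, so every request under `/api/admin` passes through `apiRouter` first. If `apiRouter` has, or later gains, a route matching `/admin/...`, that route would respond without the middleware. Registering `app.use('/api/admin', oauth.authMiddleware, apiAdminRouter);` above `app.use('/api', apiRouter);` removes that dependence on route order. The hunk also does not show whether `authMiddleware` checks that the caller is an administrator or only that an OAuth session exists; that is worth confirming and stating in a comment above the mount.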
-- 
GitLab