package main import ( "net/http" ) func commenterUpdate(commenterHex string, email string, name string, link string, photo string, provider string) error { if email == "" || name == "" || link == "" || photo == "" || provider == "" { return errorMissingField } // See utils_sanitise.go's documentation on isHttpsUrl. This is not a URL // validator, just an XSS preventor. // TODO: reject URLs instead of malforming them. if link != "undefined" && !isHttpsUrl(link) { link = "https://" + link } statement := ` UPDATE commenters SET email = $3, name = $4, link = $5, photo = $6 WHERE commenterHex = $1 and provider = $2; ` _, err := db.Exec(statement, commenterHex, provider, email, name, link, photo) if err != nil { logger.Errorf("cannot update commenter: %v", err) return errorInternal } return nil } func commenterUpdateHandler(w http.ResponseWriter, r *http.Request) { type request struct { CommenterToken *string `json:"commenterToken"` Name *string `json:"name"` Email *string `json:"email"` Link *string `json:"link"` Photo *string `json:"photo"` } var x request if err := bodyUnmarshal(r, &x); err != nil { bodyMarshal(w, response{"success": false, "message": err.Error()}) return } c, err := commenterGetByCommenterToken(*x.CommenterToken) if err != nil { bodyMarshal(w, response{"success": false, "message": err.Error()}) return } if c.Provider != "commento" { *x.Link = c.Link *x.Photo = c.Photo } *x.Email = c.Email if err = commenterUpdate(c.CommenterHex, *x.Email, *x.Name, *x.Link, *x.Photo, c.Provider); err != nil { bodyMarshal(w, response{"success": false, "message": err.Error()}) return } bodyMarshal(w, response{"success": true}) }