search

inabahare / lewd2

A based file uploader
https://lewd.se
GNU General Public License v3.0
23 stars 3 forks source link

"Cannot read property 'id' of undefined" on several pages, crashing server #23

Closed kattjevfel closed 5 years ago

kattjevfel commented 5 years ago

You can quite easily crash the server by accessing /user/view-uploads, or by attempting to switch password at /user, all while not logged in.

2018-12-31 20:37 +01:00: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:37 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:37 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:37 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:37 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:37 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:37 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)
2018-12-31 20:37 +01:00: (node:3124) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

And then spamming it some more...

2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 3)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 4)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 5)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 6)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 8)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 9)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'id' of undefined
2018-12-31 20:38 +01:00:     at get (/var/www/lewd2/dist/app.js:1052:80)
2018-12-31 20:38 +01:00:     at process._tickCallback (internal/process/next_tick.js:68:7)
2018-12-31 20:38 +01:00: (node:3124) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 10)

And then the server crashes! :)

inabahare commented 5 years ago

I can't replicate this :v

inabahare commented 5 years ago

Fixed that sucka! https://github.com/inabahare/lewd2/commit/75a5eb92eba9785efd3e2c34a804c9bb5b5f6d01