From 9009816290f3b9ca7070dafb552009d2c838cc88 Mon Sep 17 00:00:00 2001 From: NGPixel Date: Wed, 9 Sep 2020 20:10:51 -0400 Subject: [PATCH] fix: 2fa qr code - handle special chars in site title --- server/models/users.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/models/users.js b/server/models/users.js index 1d0d9799..28f3919e 100644 --- a/server/models/users.js +++ b/server/models/users.js @@ -128,7 +128,8 @@ module.exports = class User extends Model { tfaIsActive: false, tfaSecret: tfaInfo.secret }) - return qr.imageSync(`otpauth://totp/${WIKI.config.title}:${this.email}?secret=${tfaInfo.secret}`, { type: 'svg' }) + const safeTitle = WIKI.config.title.replace(/[\s-.,=!@#$%?&*()+[\]{}/\\;<>]/g, '') + return qr.imageSync(`otpauth://totp/${safeTitle}:${this.email}?secret=${tfaInfo.secret}`, { type: 'svg' }) } async enableTFA() {