Check the hostname value for legality to eliminate dirty data

Check the hostname value for legality to eliminate dirty data
榆木 2023-07-13 12:27:38 +08:00 committed by GitHub
parent 7bfbe26485
commit 35cf149876
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -30,6 +30,13 @@ export async function findSession(req: NextApiRequestCollect) {
// Verify payload
const { website: websiteId, hostname, screen, language } = payload;
// Check the hostname value for legality to eliminate dirty data
const validHostnameRegex = /^[\w-.]+$/;
if (!validHostnameRegex.test(hostname)) {
throw new Error('Invalid hostname.');
}
if (!validate(websiteId)) {
throw new Error('Invalid website ID.');
}
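Review bot: The new check calls `validHostnameRegex.test(hostname)` without first confirming that `hostname` is a string, and `test()` coerces its argument, so a missing field becomes the text "undefined" and a one-element array becomes its element, both of which pass. The pattern also sets no upper bound on length, so an arbitrarily long run of allowed characters is still accepted and, presumably, stored. I would tighten the guard to `if (typeof hostname !== 'string' || hostname.length > 253 || !/^[\w.-]+$/.test(hostname)) {`, which also moves the hyphen to the end of the class so it cannot be read as a range. Whether `payload` is type-checked earlier cannot be seen here, since findSession starts and ends outside the hunk.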