Merge pull request #2117 from yumusb/patch-3

Check the hostname value for legality to eliminate dirty data
Mike Cao 2023-07-12 21:54:40 -07:00 committed by GitHub
commit 7fe1236a5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -30,6 +30,13 @@ export async function findSession(req: NextApiRequestCollect) {
// Verify payload
const { website: websiteId, hostname, screen, language } = payload;
// Check the hostname value for legality to eliminate dirty data
const validHostnameRegex = /^[\w-.]+$/;
if (!validHostnameRegex.test(hostname)) {
throw new Error('Invalid hostname.');
}
if (!validate(websiteId)) {
throw new Error('Invalid website ID.');
}
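Review bot: `validHostnameRegex.test(hostname)` coerces its argument to a string, so if `payload` is not type-checked before this point (not visible in the hunk), a missing or non-string `hostname` such as `undefined`, a number or a one-element array is tested in its stringified form and can be accepted as valid. The pattern also sets no upper bound on length, so an arbitrarily long value made of allowed characters still passes. I would check type and length in the same condition, `if (typeof hostname !== 'string' || hostname.length > 253 || !validHostnameRegex.test(hostname)) {`, and write the class as `/^[\w.-]+$/` so the hyphen is unambiguously literal and the pattern stays valid if a `u` flag is ever added. `findSession` starts and ends outside this hunk.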