watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2025-12-06 01:18:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added validation for hostname.

Browse source
This commit is contained in:
Mike Cao 2025-02-11 20:36:31 -08:00
parent 00adf7abb0
commit 22a910e818
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/app/api/send/route.ts
View file

@ -7,7 +7,7 @@ import { badRequest, json, forbidden, serverError } from '@/lib/response';
import { fetchSession, fetchWebsite } from '@/lib/load'; import { fetchSession, fetchWebsite } from '@/lib/load';
import { getClientInfo, hasBlockedIp } from '@/lib/detect'; import { getClientInfo, hasBlockedIp } from '@/lib/detect';
import { secret, uuid, visitSalt } from '@/lib/crypto'; import { secret, uuid, visitSalt } from '@/lib/crypto';
import { COLLECTION_TYPE } from '@/lib/constants'; import { COLLECTION_TYPE, DOMAIN_REGEX } from '@/lib/constants';
import { createSession, saveEvent, saveSessionData } from '@/queries'; import { createSession, saveEvent, saveSessionData } from '@/queries';
import { urlOrPathParam } from '@/lib/schema'; import { urlOrPathParam } from '@/lib/schema';
@ -16,7 +16,7 @@ const schema = z.object({
payload: z.object({ payload: z.object({
website: z.string().uuid(), website: z.string().uuid(),
data: z.object({}).passthrough().optional(), data: z.object({}).passthrough().optional(),
hostname: z.string().max(100).optional(), hostname: z.string().regex(DOMAIN_REGEX).max(100).optional(),
language: z.string().max(35).optional(), language: z.string().max(35).optional(),
referrer: urlOrPathParam.optional(), referrer: urlOrPathParam.optional(),
screen: z.string().max(11).optional(), screen: z.string().max(11).optional(),