watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-11 08:07:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Check the hostname value for legality to eliminate dirty data

Browse source 
Check the hostname value for legality to eliminate dirty data
This commit is contained in:
榆木 2023-07-13 12:27:38 +08:00 committed by GitHub
parent 7bfbe26485
commit 35cf149876
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/session.ts
View file

@ -30,6 +30,13 @@ export async function findSession(req: NextApiRequestCollect) {
// Verify payload // Verify payload
const { website: websiteId, hostname, screen, language } = payload; const { website: websiteId, hostname, screen, language } = payload;
// Check the hostname value for legality to eliminate dirty data
const validHostnameRegex = /^[\w-.]+$/;
if (!validHostnameRegex.test(hostname)) {
throw new Error('Invalid hostname.');
}
if (!validate(websiteId)) { if (!validate(websiteId)) {
throw new Error('Invalid website ID.'); throw new Error('Invalid website ID.');
} }