From 698d43d64ebdcf0a2f813dd0abd58fdb70c91f6f Mon Sep 17 00:00:00 2001
From: Miodec
Date: Wed, 25 Jan 2023 23:52:37 +0100
Subject: [PATCH] more validation
---
 backend/src/api/routes/users.ts | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/backend/src/api/routes/users.ts b/backend/src/api/routes/users.ts
index e237e8470..3d792f4b3 100644
--- a/backend/src/api/routes/users.ts
+++ b/backend/src/api/routes/users.ts
@@ -258,7 +258,10 @@ router.patch(
 RateLimit.userTagsEdit,
 validateRequest({
 body: {
- tagId: joi.string().required(),
+ tagId: joi
+ .string()
+ .regex(/^[a-f\d]{24}$/i)
+ .required(),
 newName: tagNameValidation,
 },
 }),
@@ -271,7 +274,10 @@ router.delete(
 RateLimit.userTagsRemove,
 validateRequest({
 params: {
- tagId: joi.string().required(),
+ tagId: joi
+ .string()
+ .regex(/^[a-f\d]{24}$/i)
+ .required(),
 },
 }),
 asyncHandler(UserController.removeTag)
@@ -283,7 +289,10 @@ router.delete(
 RateLimit.userTagsClearPB,
 validateRequest({
 params: {
- tagId: joi.string().required(),
+ tagId: joi
+ .string()
+ .regex(/^[a-f\d]{24}$/i)
+ .required(),
 },
 }),
 asyncHandler(UserController.clearTagPb)
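Review bot: The same `joi.string().regex(/^[a-f\d]{24}$/i).required()` schema is now written out three times, in the `body` of the `router.patch(` hunk and in the `params` of both `router.delete(` hunks, so a later change to the accepted id format can easily miss one route. Define it once beside `tagNameValidation` (its definition is not visible in this diff), for example `const tagIdValidation = joi.string().regex(/^[a-f\d]{24}$/i).required();`, and use `tagId: tagIdValidation` in all three places. A one-line comment on that constant should say which id format it matches; 24 hex characters looks like the string form of a MongoDB ObjectId, but that is an inference to confirm. The pattern itself is sound, since without the `m` flag `$` matches only at the end of input and a trailing newline is rejected. The check only constrains the shape of `tagId`; whether the tag belongs to the calling user still has to be enforced in `UserController`, which is outside this diff.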