- commit
- f4258a8
- parent
- daa5dc7
- author
- Eric Bower
- date
- 2023-08-16 14:54:06 +0000 UTC
fix: validate project names
2 files changed,
+10,
-0
+5,
-0
1@@ -11,6 +11,7 @@ import (
2
3 _ "github.com/lib/pq"
4 "github.com/picosh/pico/db"
5+ "github.com/picosh/pico/shared"
6 "github.com/picosh/pico/wish/cms/config"
7 "go.uber.org/zap"
8 "golang.org/x/exp/slices"
9@@ -1183,6 +1184,10 @@ func (me *PsqlDB) FindFeedItemsByPostID(postID string) ([]*db.FeedItem, error) {
10 }
11
12 func (me *PsqlDB) InsertProject(userID, name, projectDir string) (string, error) {
13+ if !shared.IsValidSubdomain(name) {
14+ return "", fmt.Errorf("(%s) is not a valid project name, must match /^[a-z0-9-]+$/", name)
15+ }
16+
17 var id string
18 err := me.Db.QueryRow(sqlInsertProject, userID, name, projectDir).Scan(&id)
19 if err != nil {
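Review bot: The new error in `InsertProject` formats the rejected `name` with `%s`, and a name only reaches that branch when it contains characters outside `[a-z0-9-]`, which can include newlines or terminal control sequences. If this error is logged or written back to the user's session (not visible in this hunk), that text is reproduced raw. `%q` quotes and escapes it: `return "", fmt.Errorf("%q is not a valid project name, must match /^[a-z0-9-]+$/", name)`. The check also sits only on the insert path shown here, so any other code that writes or renames a project name would need the same call. The body of `InsertProject` continues past the end of the hunk.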
1@@ -20,11 +20,16 @@ import (
2 )
3
4 var fnameRe = regexp.MustCompile(`[-_]+`)
5+var subdomainRe = regexp.MustCompile(`^[a-z0-9-]+$`)
6
7 var KB = 1024
8 var MB = KB * 1024
9 var GB = MB * 1024
10
11+func IsValidSubdomain(subd string) bool {
12+ return subdomainRe.MatchString(subd)
13+}
14+
15 func FilenameToTitle(filename string, title string) string {
16 if filename != title {
17 return title
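Review bot: `subdomainRe` accepts names that are not usable hostname labels: a leading or trailing hyphen passes (`-`, `-a`, `a-`) and there is no length bound, whereas a DNS label is at most 63 characters and must start and end with a letter or digit. Assuming the project name becomes a subdomain label, as the name `IsValidSubdomain` suggests, the pattern could be tightened to `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`. The error text in `InsertProject` repeats the old pattern literally and would have to change with it. The exported function also has no doc comment; `// IsValidSubdomain reports whether subd is a lowercase DNS label that can be used as a project subdomain.` would state the contract callers rely on.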