Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-17 10:40:41 +01:00
Code Issues Packages Projects Releases Activity

Add input validation for prefix to address security concerns

Browse Source 
Co-authored-by: eliandoran <21236836+eliandoran@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-11-02 22:06:14 +00:00
parent 5b8bb8587d
commit 82e5de2261
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apps/server/src/routes/api/branches.ts
View File

@@ -277,6 +277,11 @@ function setPrefixBatch(req: Request) {
throw new ValidationError("branchIds must be an array");
}
// Validate that prefix is a string or null/undefined to prevent prototype pollution
if (prefix !== null && prefix !== undefined && typeof prefix !== 'string') {
throw new ValidationError("prefix must be a string or null");
}
const normalizedPrefix = utils.isEmptyOrWhitespace(prefix) ? null : prefix;
let updatedCount = 0;