From b9ba1a96e6a93e203f26da3e20ce1d4987925318 Mon Sep 17 00:00:00 2001
From: kaotisk
Date: Tue, 4 Jun 2024 16:48:40 +0300
Subject: Path traversal fix + validation
---
api/routes/getMrk/index.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'api/routes/getMrk')
diff --git a/api/routes/getMrk/index.js b/api/routes/getMrk/index.js
index 6cc61b8..35a0a2d 100644
--- a/api/routes/getMrk/index.js
+++ b/api/routes/getMrk/index.js
@@ -46,7 +46,7 @@ function fetchFmrk(mrk, res){
 module.exports = (req, res) => {
 console.log(req.params)
 res.set('Content-Type', 'application/json');
- if ( (req.params.mrk) && req.params.mrk.length === 128 ){
+ if ( (req.params.mrk) && typeof req.params.mrk === "string" && req.params.mrk.length === 128 ){
 regex= /[a-f0-9]{128}/;
 if (regex.test(req.params.mrk)){
 let mrk = req.params.mrk;
--
cgit v1.2.3
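Review bot: The pattern on the context line right after the changed condition, `regex= /[a-f0-9]{128}/;`, is unanchored and assigned without a declaration, so the format check is exact only because the separate `length === 128` test precedes it. With the new `typeof` guard the three conditions together do limit `mrk` to 128 lowercase hex characters, but if the length test is later edited or the regex is reused elsewhere, a longer value that merely contains a 128-character hex run would pass and reach whatever path `fetchFmrk` builds (not visible here). I would anchor and declare it, `const regex = /^[a-f0-9]{128}$/;`, which makes the regex sufficient on its own and stops it being created as an implicit global. The handler body continues past the end of the hunk, so the rejection branch for invalid input cannot be reviewed from here.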