HoshinoKoji/s3-presigned
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Loosen restriction on participant IDs

Browse Source
This commit is contained in:
HoshinoKoji 2025-04-16 15:40:00 +08:00
parent 1e909f963f
commit dd45b75f86
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/index.js
View File

@ -63,7 +63,7 @@ export default {
const expId = url.searchParams.get('expId'); const expId = url.searchParams.get('expId');
const participantId = url.searchParams.get('participantId'); const participantId = url.searchParams.get('participantId');
const pat = /^[a-zA-Z0-9]{1,64}$/; const pat = /^[a-zA-Z0-9_\-]{1,64}$/;
if (!expId || !participantId || expId.includes('/') || !participantId.match(pat)) { if (!expId || !participantId || expId.includes('/') || !participantId.match(pat)) {
// prevent path traversal // prevent path traversal
return new Response('Invalid parameters', { status: 400, headers: corsHeaders }); return new Response('Invalid parameters', { status: 400, headers: corsHeaders });