fix(path-traversal): add regex to prevent path traversal attack (#1828)

isomerpages · Mar 14, 2024 · 23f4b35 · 23f4b35
1 parent 89198d5
commit 23f4b35
Showing 1 changed file with 19 additions and 19 deletions.
diff --git a/src/routing/RouteSelector.jsx b/src/routing/RouteSelector.jsx
@@ -66,18 +66,18 @@ export const RouteSelector = () => {
         <ProtectedRouteWithProps
           exact
           path={[
-            "/sites/:siteName/resourceRoom/:resourceRoomName/resourceCategory/:resourceCategoryName/editPage/:fileName",
-            "/sites/:siteName/folders/:collectionName/subfolders/:subCollectionName/editPage/:fileName",
-            "/sites/:siteName/folders/:collectionName/editPage/:fileName",
-            "/sites/:siteName/editPage/:fileName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/resourceRoom/:resourceRoomName/resourceCategory/:resourceCategoryName/editPage/:fileName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/folders/:collectionName/subfolders/:subCollectionName/editPage/:fileName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/folders/:collectionName/editPage/:fileName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/editPage/:fileName",
           ]}
           component={injectApprovalRedirect(EditPage)}
         />
 
         <ProtectedRouteWithProps
           path={[
-            "/sites/:siteName/folders/:collectionName/subfolders/:subCollectionName",
-            "/sites/:siteName/folders/:collectionName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/folders/:collectionName/subfolders/:subCollectionName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/folders/:collectionName",
           ]}
         >
           <ApprovedReviewRedirect>
@@ -87,78 +87,78 @@ export const RouteSelector = () => {
 
         <ProtectedRouteWithProps
           exact
-          path="/sites/:siteName/navbar"
+          path="/sites/:siteName([a-zA-Z0-9-]+)/navbar"
           component={injectApprovalRedirect(EditNavBar)}
         />
 
         <ProtectedRouteWithProps
           path={[
-            "/sites/:siteName/media/:mediaRoom/mediaDirectory/:mediaDirectoryName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/media/:mediaRoom/mediaDirectory/:mediaDirectoryName",
           ]}
         >
           <ApprovedReviewRedirect>
             <Media />
           </ApprovedReviewRedirect>
         </ProtectedRouteWithProps>
 
-        <ProtectedRouteWithProps path="/sites/:siteName/dashboard">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/dashboard">
           <SiteLaunchProvider>
             <SiteDashboard />
           </SiteLaunchProvider>
         </ProtectedRouteWithProps>
 
-        <ProtectedRouteWithProps path="/sites/:siteName/linkCheckerReport">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/linkCheckerReport">
           <SiteLaunchProvider>
             <LinksReport />
           </SiteLaunchProvider>
         </ProtectedRouteWithProps>
 
-        <ProtectedRouteWithProps path="/sites/:siteName/siteLaunchPad">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/siteLaunchPad">
           <SiteLaunchProvider>
             <SiteLaunchPadPage />
           </SiteLaunchProvider>
         </ProtectedRouteWithProps>
 
-        <ProtectedRouteWithProps path="/sites/:siteName/review/:reviewId">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/review/:reviewId">
           <ReviewRequestRoleProvider>
             <ReviewRequestDashboard />
           </ReviewRequestRoleProvider>
         </ProtectedRouteWithProps>
 
-        <ProtectedRouteWithProps path="/sites/:siteName/workspace">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/workspace">
           <ApprovedReviewRedirect>
             <Workspace />
           </ApprovedReviewRedirect>
         </ProtectedRouteWithProps>
 
         <ProtectedRouteWithProps
-          path="/sites/:siteName/homepage"
+          path="/sites/:siteName([a-zA-Z0-9-]+)/homepage"
           component={injectApprovalRedirect(EditHomepage)}
         />
 
         <ProtectedRouteWithProps
-          path="/sites/:siteName/contact-us"
+          path="/sites/:siteName([a-zA-Z0-9-]+)/contact-us"
           component={injectApprovalRedirect(EditContactUs)}
         />
 
-        <ProtectedRouteWithProps path="/sites/:siteName/resourceRoom/:resourceRoomName/resourceCategory/:resourceCategoryName">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/resourceRoom/:resourceRoomName/resourceCategory/:resourceCategoryName">
           <ApprovedReviewRedirect>
             <ResourceCategory />
           </ApprovedReviewRedirect>
         </ProtectedRouteWithProps>
 
         <ProtectedRouteWithProps
           path={[
-            "/sites/:siteName/resourceRoom/:resourceRoomName",
-            "/sites/:siteName/resourceRoom",
+            "/sites/:siteName([a-zA-Z0-9-]+)/resourceRoom/:resourceRoomName",
+            "/sites/:siteName([a-zA-Z0-9-]+)/resourceRoom",
           ]}
         >
           <ApprovedReviewRedirect>
             <ResourceRoom />
           </ApprovedReviewRedirect>
         </ProtectedRouteWithProps>
 
-        <ProtectedRouteWithProps path="/sites/:siteName/settings">
+        <ProtectedRouteWithProps path="/sites/:siteName([a-zA-Z0-9-]+)/settings">
           <ApprovedReviewRedirect>
             <Settings />
           </ApprovedReviewRedirect>