
Commit ebf70e5

committed
fix: prevent member detail match when url contains .
1 parent e9fabb8 commit ebf70e5


2 files changed

+7
-1
lines changed


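--- a/SgfDevs/Controllers/MemberController.cs
+++ b/SgfDevs/Controllers/MemberController.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
@@ -58,6 +59,11 @@ public IPublishedContent FindContent(ActionExecutingContext actionExecutingConte
 [HttpGet]
 public async Task<IActionResult> MemberProfile(string username)
 {
+if (string.IsNullOrWhiteSpace(username) || username.Any(c => !char.IsLetterOrDigit(c)))
+{
+return NotFound();
+}
+
 var memberUser = await _memberManager.FindByNameAsync(username);
 if (memberUser == null)
 {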
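Review bot: The guard added at the top of `MemberProfile` uses `char.IsLetterOrDigit`, which accepts any Unicode letter or digit, so it is wider than the ASCII-only `^[a-zA-Z0-9]+$` constraint this commit puts on the route in Program.cs. If the action can be reached through any route other than `ProfileCustomRoute`, this guard is the only filter in front of `_memberManager.FindByNameAsync`, so it should enforce the same character set: `username.Any(c => !char.IsAsciiLetterOrDigit(c))` on .NET 7 or later, or explicit ASCII range comparisons on older targets. A short comment such as `// Must stay in sync with the ProfileCustomRoute constraint in Program.cs; names with other characters (e.g. '.') must not resolve to a member.` would record why the check exists. The method body continues past the end of the hunk.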

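--- a/SgfDevs/Program.cs
+++ b/SgfDevs/Program.cs
@@ -66,7 +66,7 @@
 {
 u.EndpointRouteBuilder.MapControllerRoute(
 "ProfileCustomRoute",
-"member/{username}",
+"member/{username:regex(^[a-zA-Z0-9]+$)}",
 new { Controller = "Member", Action = "MemberProfile" });
 u.UseBackOfficeEndpoints();
 u.UseWebsiteEndpoints();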
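Review bot: The `$` anchor in the new `ProfileCustomRoute` constraint also matches just before a final newline in .NET regular expressions, so the route accepts a value with a trailing line feed and relies on the controller guard to reject it. Anchoring with `\z` makes the route itself exact: `"member/{username:regex(^[a-zA-Z0-9]+\\z)}"`. Separately, the pattern excludes far more than the `.` named in the commit title; if the site's username policy allows `-`, `_` or e-mail-style names (not visible here), those members' profile pages would now return 404. The enclosing configuration lambda starts and ends outside the hunk.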
