Add username validation and URL decoding in comment retrieval

2025-09-27 20:27:23 +00:00 · 2025-05-21 12:44:29 +08:00
parent 3283aabf9f
commit 0fae66c7dd
2 changed files with 12 additions and 0 deletions
--- a/server/api/resource.go
+++ b/server/api/resource.go
@@ -179,6 +179,10 @@ func handleGetResourcesWithUser(c fiber.Ctx) error {
 	if username == "" {
 		return model.NewRequestError("Username is required")
 	}
+	username, err := url.PathUnescape(username)
+	if err != nil {
+		return model.NewRequestError("Invalid username")
+	}
 	pageStr := c.Query("page")
 	if pageStr == "" {
 		pageStr = "1"