From adb5c8c0149d0a5904e720cd114df90514a38552 Mon Sep 17 00:00:00 2001
From: ChristosTsiotsias <71635617+ChristosTsiotsias@users.noreply.github.com>
Date: Mon, 14 Oct 2024 11:32:50 +0100
Subject: [PATCH] ISSUE #5207 query in findByJob sanitised
---
 backend/src/v4/models/job.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/backend/src/v4/models/job.js b/backend/src/v4/models/job.js
index 41e0e29659..54b0f974ba 100644
--- a/backend/src/v4/models/job.js
+++ b/backend/src/v4/models/job.js
@@ -17,10 +17,12 @@
 "use strict";
+const { v5Path } = require("../../interop");
 const {map, compact, uniq} = require("lodash");
 const responseCodes = require("../response_codes.js");
 const C = require("../constants.js");
 const db = require("../handler/db");
+const { sanitiseRegex } = require(`${v5Path}/utils/helper/strings.js`);
 function validateJobName(jobName) {
 const regex = "^[^/?=#+]{0,119}[^/?=#+ ]{1}$";
@@ -94,8 +96,8 @@ Job.addUserToJob = async function(teamspace, jobName, user) {
 };
 Job.findByJob = async function(teamspace, jobName, caseSensitive = true) {
- const query = caseSensitive ? { _id: jobName } : { _id: new RegExp(jobName, "i")};
+ const sanitisedJobName = sanitiseRegex(jobName);
+ const query = caseSensitive ? { _id: jobName } : { _id: new RegExp(sanitisedJobName, "i")};
 const foundJob = await db.findOne(teamspace, JOBS_COLLECTION_NAME, query);
 if (foundJob && !foundJob.users) {
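Review bot: The case-insensitive branch of `Job.findByJob` still builds an unanchored pattern, `new RegExp(sanitisedJobName, "i")`, so even with metacharacters escaped it matches any job whose `_id` merely contains the name, and `db.findOne` can return a different job than the one asked for. If the intent is an exact case-insensitive lookup, anchor it: `{ _id: new RegExp("^" + sanitisedJobName + "$", "i") }`. Separately, `sanitiseRegex(jobName)` now runs on every call, including the case-sensitive path that never uses the result. Callers are not visible here, but if `jobName` can arrive as a non-string, that call may throw, and the `{ _id: jobName }` branch would pass an operator object straight into the query, so a guard such as `if (typeof jobName !== "string")` before building the query is worth adding. The body of `findByJob` continues outside the hunk.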