From 1c057bc823c619624c6ea0b4069e54a2b2eacfd4 Mon Sep 17 00:00:00 2001
From: Vesa Meskanen
Date: Fri, 28 Jan 2022 10:12:11 +0200
Subject: [PATCH] feat: validate search string more carefully
Alphanumeric letters must be included. Previously, some clever trash searches made api to throw an error and return internal server error.
---
 sanitizer/_text.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sanitizer/_text.js b/sanitizer/_text.js
index 0989faa3..c11c5481 100644
--- a/sanitizer/_text.js
+++ b/sanitizer/_text.js
@@ -12,8 +12,10 @@ function _sanitize( raw, clean ){
 // invalid input 'text'
 const text = _.trim( _.trim( raw.text ), QUOTES );
- if( !_.isString(text) || _.isEmpty(text) ){
- messages.errors.push('invalid param \'text\': text length, must be >0');
+ if( !_.isString(text) || _.isEmpty(text) ||
+ (!text.match(/\d/) && !text.match(/[a-z]/i))
+ ){
+ messages.errors.push('invalid param \'text\': text must have alphanumeric content');
 } else {
 clean.text = text;
 }
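Review bot: The added condition in `_sanitize` recognises only ASCII letters and digits (`/\d/` and `/[a-z]/i`), so a search made up entirely of non-ASCII letters, such as a place name in Cyrillic, Greek or CJK script or a one-letter name like `Å`, is now rejected with 'text must have alphanumeric content'. A Unicode-aware test keeps the intent without that regression: `!/[\p{L}\p{N}]/u.test(text)`. The check also requires only one alphanumeric character anywhere in the string, so the inputs that made the API throw can presumably still reach the failing code when they contain a letter or digit. The internal server error is better closed by handling the exception where it is raised and returning a 4xx, with this check kept as a first filter. `_sanitize` starts and ends outside the hunk, so the code that consumes `clean.text` is not visible here.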