From 93cdc72aa01f8f5ebe5e87c569809243fa35157e Mon Sep 17 00:00:00 2001
From: Johnson Mao <tutelary.maomao@gmail.com>
Date: Sat, 2 Mar 2024 01:37:49 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix=20code=20scanning=20alerts?=
 =?UTF-8?q?=20"server-side=20request=20forgery"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pages/group/edit/index.jsx | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pages/group/edit/index.jsx b/pages/group/edit/index.jsx
index fee4ccb7..df1cd632 100644
--- a/pages/group/edit/index.jsx
+++ b/pages/group/edit/index.jsx
@@ -36,14 +36,17 @@ function EditGroupPage() {
   const goToDetail = () => router.replace(`/group/detail?id=${id}`);
 
   const { mutate, isLoading } = useMutation(
-    (values) =>
-      fetch(`${GROUP_API_URL}/${id}`, {
+    (values) => {
+      if (!id || id.includes('/')) return Promise.reject();
+
+      return fetch(`${GROUP_API_URL}/${id}`, {
         method: 'PUT',
         body: JSON.stringify(values),
         headers: {
           'Content-Type': 'application/json',
         },
-      }),
+      });
+    },
     { onSuccess: goToDetail },
   );