Sanitize api token on hackatime controller

Fixes #288
Max Wofford
2025-06-08 20:59:14 -04:00
parent e43f23065d
commit 204cf2d188


@@ -286,6 +286,10 @@ class Api::Hackatime::V1::HackatimeController < ApplicationController
api_token ||= params[:api_key]
end
return render json: { error: "Unauthorized" }, status: :unauthorized unless api_token.present?
# Sanitize api_token to handle invalid UTF-8 sequences
api_token = api_token.to_s.encode('UTF-8', invalid: :replace, undef: :replace, replace: '')
valid_key = ApiKey.find_by(token: api_token)
return render json: { error: "Unauthorized" }, status: :unauthorized unless valid_key.present?
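Review bot: The added `encode('UTF-8', invalid: :replace, undef: :replace, replace: '')` line rewrites a malformed credential instead of rejecting it, so a token carrying invalid bytes becomes a different string before `ApiKey.find_by`. The value that is authenticated then no longer matches the raw value that any logging or rate limiting elsewhere would have seen (none is visible in this hunk). Treating invalid UTF-8 as an authentication failure keeps the lookup on exactly what the client sent: `return render json: { error: "Unauthorized" }, status: :unauthorized unless api_token.to_s.valid_encoding?`. If stripping is kept, `api_token.to_s.scrub('')` states the intent more directly, and the `present?` check should run after it because the stripped token can end up empty. The enclosing method starts and ends outside the hunk.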