🛡️ fix: Minor Vulnerabilities (#4543)

* fix: ReDoS in ChatGPT Import * ci: should correctly process citations from real ChatGPT data * ci: Add ReDoS vulnerability test for processAssistantMessage * refactor: Update thread management and citation handling * refactor(validateImageRequest): robust validation * refactor(Prompt.js): update name search regex to escape special characters * refactor(Preset): exclude user from preset update to prevent mass assignment * refactor(files.js): Improve file deletion process * ci: updated validateImageRequest.spec.js * a11y: plugin pagination * refactor(CreatePromptForm.tsx): Improve input field styling * chore(Prompts): typing and accessibility * fix: prompt creation access role check * chore: remove duplicate jsdocs
2025-12-17 00:40:14 +01:00 · 2024-10-24 15:50:48 -04:00 · 2024-10-24 15:50:48 -04:00 · 3f3b5929e9
commit 3f3b5929e9
parent 094a40dbb0
15 changed files with 698 additions and 53 deletions
--- a/api/models/Prompt.js
+++ b/api/models/Prompt.js
@ -7,6 +7,7 @@ const {
  removeGroupFromAllProjects,
 } = require('./Project');
 const { Prompt, PromptGroup } = require('./schema/promptSchema');
+const { escapeRegExp } = require('~/server/utils');
 const { logger } = require('~/config');

 /**
@ -106,7 +107,7 @@ const getAllPromptGroups = async (req, filter) => {
    let searchShared = true;
    let searchSharedOnly = false;
    if (name) {
-      query.name = new RegExp(name, 'i');
+      query.name = new RegExp(escapeRegExp(name), 'i');
    }
    if (!query.category) {
      delete query.category;
@ -159,7 +160,7 @@ const getPromptGroups = async (req, filter) => {
    let searchShared = true;
    let searchSharedOnly = false;
    if (name) {
-      query.name = new RegExp(name, 'i');
+      query.name = new RegExp(escapeRegExp(name), 'i');
    }
    if (!query.category) {
      delete query.category;