From 1c2fd42ba5e2f9a699c6333d47420d4d077edff6 Mon Sep 17 00:00:00 2001
From: ptrstr <ptrstr@protonmail.com>
Date: Fri, 25 Apr 2025 15:32:24 -0400
Subject: [PATCH] fix: getPushExample language validation and login check

---
 server/socket-handlers/general-socket-handler.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/server/socket-handlers/general-socket-handler.js b/server/socket-handlers/general-socket-handler.js
index 50dcd946e..9ab2e3294 100644
--- a/server/socket-handlers/general-socket-handler.js
+++ b/server/socket-handlers/general-socket-handler.js
@@ -10,6 +10,8 @@ const path = require("path");
 let gameResolver = new GameResolver();
 let gameList = null;
 
+const LANGUAGE_REGEX = /^[a-zA-Z0-9-_]+$/;
+
 /**
  * Get a game list via GameDig
  * @returns {object[]} list of games supported by GameDig
@@ -91,6 +93,19 @@ module.exports.generalSocketHandler = (socket, server) => {
     });
 
     socket.on("getPushExample", (language, callback) => {
+        try {
+            checkLogin(socket);
+
+            if (!LANGUAGE_REGEX.test(language)) {
+                throw new Error("Invalid language");
+            }
+        } catch (e) {
+            callback({
+                ok: false,
+                msg: e.message,
+            });
+            return;
+        }
 
         try {
             let dir = path.join("./extra/push-examples", language);