From 2f15adaf4713455474312ef78402f788fcabb1e1 Mon Sep 17 00:00:00 2001
From: Brian Gough
Date: Thu, 31 Mar 2016 12:12:25 +0100
Subject: [PATCH] parameter check on project_id
---
 services/clsi/app.coffee | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/services/clsi/app.coffee b/services/clsi/app.coffee
index 7412c7f7ec..c7bbd8cf64 100644
--- a/services/clsi/app.coffee
+++ b/services/clsi/app.coffee
@@ -36,6 +36,12 @@ app.use (req, res, next) ->
 res.setTimeout TIMEOUT
 next()
+app.param 'project_id', (req, res, next, project_id) ->
+ if project_id?.match /^[a-zA-Z0-9_-]+$/
+ next()
+ else
+ next new Error("invalid project id")
+
 app.post "/project/:project_id/compile", bodyParser.json(limit: "5mb"), CompileController.compile
 app.delete "/project/:project_id", CompileController.clearCache
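Review bot: The allow-list in the new `app.param 'project_id'` handler has no length bound and accepts an id that starts with `-`, so an over-long or option-like value still passes if the id is later used as a directory name or a command-line argument (those uses are not visible in this hunk). If existing ids never start with a hyphen, a pattern such as `/^[a-zA-Z0-9_][a-zA-Z0-9_-]{0,63}$/` would close both gaps; the 63 is a placeholder, so use the real maximum id length. Rejection goes through `next new Error("invalid project id")`, which Express's default error handling reports as a 500 unless the app's own error handler maps it. A 4xx response would keep malformed client input out of server-error logs and alerts. A short comment above the handler, e.g. `# project_id ends up in filesystem paths; allow only a safe character set` (confirm that this is the reason against the controllers), would record why the check exists.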