From eeb15e7f73f7d552fab0b1a5c9a51ffb2ea34092 Mon Sep 17 00:00:00 2001
From: Christian Hartmann <chris-hartmann@gmx.de>
Date: Fri, 14 Feb 2025 15:47:01 +0100
Subject: [PATCH] Fix(routes): Add hash requirements for frontpage routes

Signed-off-by: Christian Hartmann <chris-hartmann@gmx.de>
---
 lib/Constants.php                 | 14 --------------
 lib/Controller/PageController.php |  6 +++---
 2 files changed, 3 insertions(+), 17 deletions(-)

diff --git a/lib/Constants.php b/lib/Constants.php
index fbca3d900..c904269be 100644
--- a/lib/Constants.php
+++ b/lib/Constants.php
@@ -10,20 +10,6 @@
 use OCP\Share\IShare;
 
 class Constants {
-	/**
-	 * Constants for API Controllers
-	 */
-	public const API_BASE = '/api/{apiVersion}/';
-	public const API_V3_REQUIREMENTS = [
-		'apiVersion' => 'v3',
-		'formId' => '\d+',
-		'questionId' => '\d+',
-		'optionId' => '\d+',
-		'shareId' => '\d+',
-		'submissionId' => '\d+',
-		'path' => '.+'
-	];
-	
 	/**
 	 * Used AppConfig Keys
 	 */
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 71b5ebe47..611f31fc4 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -84,7 +84,7 @@ public function index(?string $hash = null): TemplateResponse {
 	 */
 	#[NoAdminRequired()]
 	#[NoCSRFRequired()]
-	#[FrontpageRoute(verb: 'GET', url: '/{hash}/{view}')]
+	#[FrontpageRoute(verb: 'GET', url: '/{hash}/{view}', requirements: ['hash' => '[a-zA-Z0-9]{16,}'])]
 	public function views(string $hash): TemplateResponse {
 		return $this->index($hash);
 	}
@@ -96,7 +96,7 @@ public function views(string $hash): TemplateResponse {
 	#[NoAdminRequired()]
 	#[NoCSRFRequired()]
 	#[PublicPage()]
-	#[FrontpageRoute(verb: 'GET', url: '/{hash}')]
+	#[FrontpageRoute(verb: 'GET', url: '/{hash}', requirements: ['hash' => '[a-zA-Z0-9]{16,}'])]
 	public function internalLinkView(string $hash): Response {
 		$internalView = $this->urlGenerator->linkToRoute('forms.page.views', ['hash' => $hash, 'view' => 'submit']);
 
@@ -116,7 +116,7 @@ public function internalLinkView(string $hash): Response {
 	#[NoAdminRequired()]
 	#[NoCSRFRequired()]
 	#[PublicPage()]
-	#[FrontpageRoute(verb: 'GET', url: '/s/{hash}')]
+	#[FrontpageRoute(verb: 'GET', url: '/s/{hash}', requirements: ['hash' => '[a-zA-Z0-9]{24,}'])]
 	public function publicLinkView(string $hash): Response {
 		try {
 			$share = $this->shareMapper->findPublicShareByHash($hash);