From 9edbac671a9e01bcbebdd030cf5e4d3c75e97df8 Mon Sep 17 00:00:00 2001
From: Thomas Lynch
Date: Mon, 21 Jun 2021 13:37:26 +0000
Subject: [PATCH] fix regex accepting possible incorrect names, also make case insensitive
---
 controllers/forms/addcustompage.js | 2 +-
 controllers/forms/editcustompage.js | 2 +-
 views/pages/editcustompage.pug | 2 +-
 views/pages/managecustompages.pug | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/controllers/forms/addcustompage.js b/controllers/forms/addcustompage.js
index a534f233..fa4fb3a1 100644
--- a/controllers/forms/addcustompage.js
+++ b/controllers/forms/addcustompage.js
@@ -25,7 +25,7 @@ module.exports = {
 { result: existsBody(req.body.page), expected: true, error: 'Missing .html name' },
 { result: () => {
 if (req.body.page) {
- return /[a-z0-9_-]+/.test(req.body.page);
+ return /^[a-z0-9_-]+$/i.test(req.body.page);
 }
 return false;
 } , expected: true, error: '.html name must contain a-z 0-9 _ - only' },
diff --git a/controllers/forms/editcustompage.js b/controllers/forms/editcustompage.js
index 920ab5e3..18909dad 100644
--- a/controllers/forms/editcustompage.js
+++ b/controllers/forms/editcustompage.js
@@ -27,7 +27,7 @@ module.exports = {
 { result: existsBody(req.body.page), expected: true, error: 'Missing .html name' },
 { result: () => {
 if (req.body.page) {
- return /[a-z0-9_-]+/.test(req.body.page);
+ return /^[a-z0-9_-]+$/i.test(req.body.page);
 }
 return false;
 } , expected: true, error: '.html name must contain a-z 0-9 _ - only' },
diff --git a/views/pages/editcustompage.pug b/views/pages/editcustompage.pug
index 50be4831..13568690 100644
--- a/views/pages/editcustompage.pug
+++ b/views/pages/editcustompage.pug
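Review bot: In the addcustompage.js hunk the anchored test in the `result` callback still runs on whatever type `req.body.page` has, because `RegExp.prototype.test` stringifies its argument; a one-element array (constructed example: `['about']`) would coerce to `about`, pass, and then reach later code as an array. Whether the body parser can produce arrays or objects here is not visible in the hunk, so this may already be handled upstream; if it is not, replace the truthiness check with `if (typeof req.body.page === 'string') {`. The identical line in the editcustompage.js hunk needs the same guard. With uppercase now accepted, also confirm that the duplicate-name lookup and anything written to disk from this name treat `About` and `about` consistently; that code is outside both hunks.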
@@ -12,7 +12,7 @@ block content
 input(type='hidden' name='page_id' value=page._id)
 .row
 .label .html name
- input(type='text' name='page' pattern='[a-z0-9-_]+' title='a-z0-9-_ only' value=page.page required)
+ input(type='text' name='page' pattern='[a-zA-Z0-9-_]+' title='a-zA-Z0-9-_ only' value=page.page required)
 .table-container.flex-center.mv-5
 table
 tr
diff --git a/views/pages/managecustompages.pug b/views/pages/managecustompages.pug
index 12096c9f..a02bba44 100644
--- a/views/pages/managecustompages.pug
+++ b/views/pages/managecustompages.pug
@@ -17,7 +17,7 @@ block content
 input(type='hidden' name='_csrf' value=csrf)
 .row
 .label .html name
- input(type='text' name='page' pattern='[a-z0-9-_]+' title='a-z0-9-_ only' required)
+ input(type='text' name='page' pattern='[a-zA-Z0-9-_]+' title='a-zA-Z0-9-_ only' required)
 .row
 .label Title
 input(type='text' name='title' required)
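Review bot: The `pattern` value `[a-zA-Z0-9-_]+` on the `page` input in editcustompage.pug keeps an unescaped hyphen between `9` and `_`, which browsers that compile `pattern` with the RegExp `v` flag (the current HTML spec behaviour) reject as a syntax error; the attribute is then ignored and no client-side check runs. Writing the class so the rendered attribute reads `[a-zA-Z0-9_\-]+` avoids that and matches the `_-` order used in the controllers. The same attribute in the managecustompages.pug hunk needs the same change. Either way the attribute is only a usability hint, and the controller regex remains the actual enforcement.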