From a4ff32331a77aecbb34f86c6e49f6f5d76e969cc Mon Sep 17 00:00:00 2001
From: xream <xream@icloud.com>
Date: Sun, 29 Oct 2023 22:38:20 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=AE=80=E5=8D=95=E9=99=90=E5=88=B6?=
 =?UTF-8?q?=E4=B8=80=E4=B8=8B=E8=AE=A2=E9=98=85/=E7=BB=84=E5=90=88?=
 =?UTF-8?q?=E8=AE=A2=E9=98=85=E7=9A=84=E5=90=8D=E7=A7=B0(=E4=B8=8D?=
 =?UTF-8?q?=E5=8F=AF=E5=8C=85=E5=90=AB=20"/"=20)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/package.json                 |  2 +-
 backend/src/restful/collections.js   | 11 +++++++++++
 backend/src/restful/subscriptions.js | 11 +++++++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/backend/package.json b/backend/package.json
index 9af0ba8..0c3c10b 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sub-store",
-  "version": "2.14.78",
+  "version": "2.14.79",
   "description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and ShadowRocket.",
   "main": "src/main.js",
   "scripts": {
diff --git a/backend/src/restful/collections.js b/backend/src/restful/collections.js
index ee14926..e929846 100644
--- a/backend/src/restful/collections.js
+++ b/backend/src/restful/collections.js
@@ -22,6 +22,16 @@ export default function register($app) {
 function createCollection(req, res) {
     const collection = req.body;
     $.info(`正在创建组合订阅：${collection.name}`);
+    if (/\//.test(collection.name)) {
+        failed(
+            res,
+            new RequestInvalidError(
+                'INVALID_NAME',
+                `Collection ${collection.name} is invalid`,
+            ),
+        );
+        return;
+    }
     const allCols = $.read(COLLECTIONS_KEY);
     if (findByName(allCols, collection.name)) {
         failed(
@@ -31,6 +41,7 @@ function createCollection(req, res) {
                 `Collection ${collection.name} already exists.`,
             ),
         );
+        return;
     }
     allCols.push(collection);
     $.write(allCols, COLLECTIONS_KEY);
diff --git a/backend/src/restful/subscriptions.js b/backend/src/restful/subscriptions.js
index 62d4f71..4ad88c1 100644
--- a/backend/src/restful/subscriptions.js
+++ b/backend/src/restful/subscriptions.js
@@ -96,6 +96,16 @@ async function getFlowInfo(req, res) {
 function createSubscription(req, res) {
     const sub = req.body;
     $.info(`正在创建订阅： ${sub.name}`);
+    if (/\//.test(sub.name)) {
+        failed(
+            res,
+            new RequestInvalidError(
+                'INVALID_NAME',
+                `Subscription ${sub.name} is invalid`,
+            ),
+        );
+        return;
+    }
     const allSubs = $.read(SUBS_KEY);
     if (findByName(allSubs, sub.name)) {
         failed(
@@ -105,6 +115,7 @@ function createSubscription(req, res) {
                 `Subscription ${sub.name} already exists.`,
             ),
         );
+        return;
     }
     allSubs.push(sub);
     $.write(allSubs, SUBS_KEY);