From d0721d3ec68620871df01e3ad028141e328d45bc Mon Sep 17 00:00:00 2001
From: 24c02 <163450896+24c02@users.noreply.github.com>
Date: Tue, 2 Dec 2025 12:51:16 -0500
Subject: [PATCH] placate brakeman...

---
 app/controllers/docs_controller.rb | 5 +++--
 app/views/addresses/_form.html.erb | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/controllers/docs_controller.rb b/app/controllers/docs_controller.rb
index bb65ac8..79872af 100644
--- a/app/controllers/docs_controller.rb
+++ b/app/controllers/docs_controller.rb
@@ -39,8 +39,9 @@ class DocsController < ApplicationController
       raise ActionController::RoutingError, "Invalid documentation path"
     end
 
-    erb_path = Rails.root.join("app", "views", "docs", "#{slug}.md.erb")
-    md_path = Rails.root.join("app", "views", "docs", "#{slug}.md")
+    docs_dir = Rails.root.join("app", "views", "docs")
+    erb_path = docs_dir.join("#{slug}.md.erb")
+    md_path = docs_dir.join("#{slug}.md")
 
     @doc_file_path = File.exist?(erb_path) ? erb_path : md_path
   end
diff --git a/app/views/addresses/_form.html.erb b/app/views/addresses/_form.html.erb
index f92e65a..0d505c8 100644
--- a/app/views/addresses/_form.html.erb
+++ b/app/views/addresses/_form.html.erb
@@ -8,7 +8,7 @@
   # Strip country code prefix for display (it's shown separately)
   raw_phone = address.phone_number.presence || current_identity&.phone_number
   display_phone = if raw_phone.present? && raw_phone.start_with?("+")
-    raw_phone.sub(/^\+#{initial_calling_code}/, "")
+    raw_phone.sub(/^\+#{Regexp.escape(initial_calling_code)}/, "")
   else
     raw_phone
   end