Merge pull request #1338 from arnav-kr/patch-3

fix: css injection, estimated hour validation
2026-04-19 19:45:07 +00:00 · 2024-08-22 17:39:15 +00:00 · 2024-08-22 17:39:15 +00:00 · 9b6f7d81ef
commit 9b6f7d81ef
parent f813b8c1b0 ee090681d8
2 changed files with 20 additions and 0 deletions
--- a/components/arcade/showcase/project-edit.js
+++ b/components/arcade/showcase/project-edit.js
@ -209,6 +209,7 @@ const ProjectEditForm = ({ project }) => {
            <Input
              {...useField('hours')}
              type="number"
+              min="1"
              sx={{ border: '1px dashed', borderColor: '#09AFB4', mb: 2 }}
            />
          </Label>
--- a/pages/api/arcade/showcase/projects/[projectID]/edit.js
+++ b/pages/api/arcade/showcase/projects/[projectID]/edit.js
@ -12,6 +12,25 @@ export default async function handler(req, res) {
    return res.status(400).json({ error: 'No body provided' })
  }

+  // html color input value always gives a 6-char hex color
+  const colorRegex = /^#[0-9A-F]{6}$/i;
+  if(body.color !== "" && !(colorRegex.test(body.color))) {
+    return res
+      .status(400)
+      .json({ error: 'Invalid Color' });
+  }
+  if(body.textColor !== "" && !(colorRegex.test(body.textColor))) {
+    return res
+      .status(400)
+      .json({ error: 'Invalid Text Color' });
+  }
+
+  if(body.hours <= 0) {
+    return res
+      .status(400)
+      .json({ error: 'Hours should be a positive integer' });
+  }
+
  const updatedFields = {}
  updatedFields['Name'] = body.title
  updatedFields['Estimated Hours'] = body.hours