From 9800a4ad4b40772e8a429cbf12342bee9f01c61c Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Sat, 17 Feb 2024 10:55:51 -0600
Subject: [PATCH] check tag input
---
 app/browse.rb | 2 +-
 models/site.rb | 2 +-
 models/tag.rb | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/browse.rb b/app/browse.rb
index 9c486b8b..8e3d3938 100644
--- a/app/browse.rb
+++ b/app/browse.rb
@@ -4,7 +4,7 @@ get '/browse/?' do
 @page = params[:page]
 @page = 1 if @page.not_an_integer?
- params.delete 'tag' if params[:tag].nil? || params[:tag].strip.empty?
+ params.delete 'tag' if params[:tag].nil? || !params[:tag].is_a?(String) || params[:tag].strip.empty? || params[:tag].match?(Tag::INVALID_TAG_REGEX)
 if is_education?
 ds = education_sites_dataset
diff --git a/models/site.rb b/models/site.rb
index 2ff8d012..508af4a5 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -1093,7 +1093,7 @@ class Site < Sequel::Model
 new_tags.each do |tag|
 tag.strip!
- if tag.match(/[^a-zA-Z0-9 ]/)
+ if tag.match(Tag::INVALID_TAG_REGEX)
 errors.add :new_tags_string, "Tag \"#{tag}\" can only contain letters (A-Z) and numbers (0-9)."
 break
 end
diff --git a/models/tag.rb b/models/tag.rb
index 37348477..6a140317 100644
--- a/models/tag.rb
+++ b/models/tag.rb
@@ -2,6 +2,7 @@ class Tag < Sequel::Model
 NAME_LENGTH_MAX = 25
 NAME_WORDS_MAX = 1
+ INVALID_TAG_REGEX = /[^a-zA-Z0-9 ]/
 many_to_many :sites
 def before_create
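Review bot: The new guard on `params[:tag]` in `get '/browse/?'` checks the type and the character set but not the length, so an arbitrarily long alphanumeric string still reaches whatever the route does with the tag further down. `Tag::NAME_LENGTH_MAX` is visible in models/tag.rb and could bound it, presumably without rejecting any tag that can actually exist. The `nil?` clause is also redundant now, because nil already fails `is_a?(String)`. I would bind the value once and state the rule positively: `tag = params[:tag]` followed by `params.delete 'tag' unless tag.is_a?(String) && !tag.strip.empty? && tag.length <= Tag::NAME_LENGTH_MAX && !tag.match?(Tag::INVALID_TAG_REGEX)`. The route body continues past the end of the hunk, so how the tag is used in the dataset query is not visible here.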
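Review bot: The error message next to `tag.match(Tag::INVALID_TAG_REGEX)` in models/site.rb says a tag can only contain letters and numbers, while the shared pattern also accepts a space, so the message and the rule disagree. Either drop the space from the character class or mention it in the message. The call only needs a boolean, so `if tag.match?(Tag::INVALID_TAG_REGEX)` would match the predicate form this commit uses in app/browse.rb and avoid building a MatchData. The enclosing method starts and ends outside the hunk.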
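Review bot: `INVALID_TAG_REGEX` in models/tag.rb has no comment, although it is now the single definition of which characters a tag may contain and is used by both the Site validation and the /browse route. A negated character class is easy to misread as an allowlist. A line such as `# Matches any character NOT allowed in a tag name; only A-Z, a-z, 0-9 and space pass.` above the constant would help. The class body continues outside the hunk.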