From e9e4beb6ebe36955e07f424e4d4f9e0f99af4f2f Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Fri, 8 Aug 2025 10:38:29 -0500
Subject: [PATCH] regexp quotes for inputs

---
 app/create.rb | 2 +-
 app/site.rb | 2 +-
 ext/string.rb | 2 +-
 models/site.rb | 6 +++---
 models/site_file.rb | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/create.rb b/app/create.rb
index b3de789b..5d02f226 100644
--- a/app/create.rb
+++ b/app/create.rb
@@ -6,7 +6,7 @@ def education_whitelist_required?
 end
 def education_whitelisted?
-  return true if education_whitelist_required? && !$config['education_tag_whitelist'].select {|t| params[:new_tags_string].match(t)}.empty?
+  return true if education_whitelist_required? && !$config['education_tag_whitelist'].select {|t| params[:new_tags_string].match(Regexp.quote(t))}.empty?
   false
 end
diff --git a/app/site.rb b/app/site.rb
index 7770a31d..8545d1dd 100644
--- a/app/site.rb
+++ b/app/site.rb
@@ -282,7 +282,7 @@ post '/site/:username/block' do |username|
   current_site.block! site
-  if request.referer.match /\/site\/#{username}/i
+  if request.referer.match /\/site\/#{Regexp.quote(username)}/i
     redirect '/'
   else
     redirect request.referer
diff --git a/ext/string.rb b/ext/string.rb
index 08a38283..0897fa1a 100644
--- a/ext/string.rb
+++ b/ext/string.rb
@@ -9,7 +9,7 @@ class String
   end
   def unindent
-    gsub /^#{scan(/^\s*/).min_by{|l|l.length}}/, ""
+    gsub /^#{Regexp.quote(scan(/^\s*/).min_by{|l|l.length})}/, ""
   end
   def blank?
diff --git a/models/site.rb b/models/site.rb
index c4e20485..d8b8f875 100644
--- a/models/site.rb
+++ b/models/site.rb
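Review bot: `params[:new_tags_string]` on the changed line is still dereferenced without a nil guard, so a request that omits the field raises NoMethodError before the whitelist is consulted. Once the tag is quoted the match is a plain substring test, which `String#include?` expresses without building a Regexp per tag: `return true if education_whitelist_required? && $config['education_tag_whitelist'].any? { |t| params[:new_tags_string].to_s.include?(t) }`. Substring semantics are unchanged from the original, so a whitelisted tag that appears inside a longer tag still passes; whether the check should compare whole tags instead cannot be told from this hunk.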
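Review bot: `request.referer` is nil when the header is absent, and the changed line calls `.match` on it directly, so the block route raises instead of falling through to the redirect. `match?` with a `%r{}` literal avoids both the MatchData allocation and the escaped slashes: `if request.referer.to_s.match?(%r{/site/#{Regexp.quote(username)}}i)`. The pattern stays unanchored, so any referer that merely contains that path segment qualifies, which is the same as before the change. The enclosing `post` block continues outside the hunk.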
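Review bot: `gsub` is called with an unparenthesized regexp literal as its first argument, which Ruby parses as intended but reports under `-w` as an ambiguous first argument; with `Regexp.quote` added the line is long enough that parentheses also help readability: `gsub(/^#{Regexp.quote(scan(/^\s*/).min_by(&:length))}/, "")`. The quoted value is the shortest leading-whitespace run, so quoting only escapes spaces, tabs and newlines — harmless, and consistent with the rest of the commit.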
@@ -731,11 +731,11 @@ class Site < Sequel::Model
     email.strip!
     disposable_email_domains_whitelist.each do |whitelisted_disposable_email_domain|
-      return false if email.match /@#{whitelisted_disposable_email_domain}$/i
+      return false if email.match /@#{Regexp.quote(whitelisted_disposable_email_domain)}$/i
     end
     disposable_email_domains.each do |disposable_email_domain|
-      return true if email.match /@#{disposable_email_domain}$/i
+      return true if email.match /@#{Regexp.quote(disposable_email_domain)}$/i
     end
     false
@@ -748,7 +748,7 @@ class Site < Sequel::Model
     email.strip!
     banned_email_domains.each do |banned_email_domain|
-      return true if email.match /@*#{banned_email_domain}$/i
+      return true if email.match /@*#{Regexp.quote(banned_email_domain)}$/i
     end
     false
diff --git a/models/site_file.rb b/models/site_file.rb
index 6644b99d..0b053ed3 100644
--- a/models/site_file.rb
+++ b/models/site_file.rb
@@ -116,10 +116,10 @@ class SiteFile < Sequel::Model
     self.save_changes
     if is_directory
-      site_files_in_dir = site.site_files.select {|sf| sf.path =~ /^#{current_path}\//}
+      site_files_in_dir = site.site_files.select {|sf| sf.path =~ /^#{Regexp.quote(current_path)}\//}
       site_files_in_dir.each do |site_file|
         original_site_file_path = site_file.path
-        site_file.path = site_file.path.gsub(/^#{current_path}\//, "#{new_path}\/")
+        site_file.path = site_file.path.gsub(/^#{Regexp.quote(current_path)}\//, "#{Regexp.quote(new_path)}\/")
         site_file.save_changes
         site.delete_thumbnail_or_screenshot original_site_file_path
         site.generate_thumbnail_or_screenshot site_file.path
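Review bot: The `$` anchor on the changed lines matches at the end of any line, not the end of the string, so an `email` with an embedded newline could satisfy the whitelist test on its first line and skip the disposable check that follows; `\z` anchors the whole string: `return false if email.match?(/@#{Regexp.quote(whitelisted_disposable_email_domain)}\z/i)`, and likewise for the `disposable_email_domains` loop here and the `banned_email_domains` loop in the next hunk. `email.strip!` removes only leading and trailing whitespace, so it does not rule that out; whether an earlier validation step does cannot be seen from this hunk. The enclosing method starts before the hunk.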
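Review bot: `@*` in the changed line makes the `@` optional, so the pattern reduces to "ends with the banned domain" and a ban on `example.net` also matches `user@notexample.net` (constructed example). If the intent is to catch subdomains as well, `/(?:@|\.)#{Regexp.quote(banned_email_domain)}\z/i` states that explicitly; otherwise a single `@` as in the previous hunk is enough. The `$` anchor has the same end-of-line issue raised on the previous hunk.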
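Review bot: `Regexp.quote(new_path)` on the second changed line is applied to gsub's replacement string, which is not a pattern, so any metacharacter in the new directory name — a dot, a hyphen, a space, parentheses — ends up in the stored path with a literal backslash (`Regexp.quote("my.site")` is `my\.site`, and gsub copies unrecognised `\x` sequences into the result verbatim); every file under a renamed directory would get a corrupted path. The block form of `sub` avoids both the quoting and gsub's own `\1`/`\\` interpretation of the replacement, and `\A` anchors the start of the string rather than of any line: `site_files_in_dir = site.site_files.select { |sf| sf.path.match?(%r{\A#{Regexp.quote(current_path)}/}) }` and `site_file.path = site_file.path.sub(%r{\A#{Regexp.quote(current_path)}/}) { "#{new_path}/" }`. The first changed line is otherwise correct apart from the `^` anchor. The enclosing method starts before the hunk and continues after it.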