Merge pull request #4 from freifunkMUC/alert-autofix-1

GoliathLabs · web-flow · commit b21ff8d612ed · 2025-12-19T17:50:37.000+01:00
Potential fix for code scanning alert no. 1: Type confusion through parameter tampering
diff --git a/index.js b/index.js
@@ -105,7 +105,12 @@ router.get("/mail/config-v1.1.xml", async (ctx) => {
 router.get("/email.mobileconfig", async (ctx) => {
 	let email = ctx.request.query.email;
 
-	if (!email) {
+	// Ensure email is a single string value, not an array, to avoid type confusion issues
+	if (Array.isArray(email)) {
+		email = email[0] || "";
+	}
+
+	if (!email || typeof email !== "string") {
 		ctx.status = 400;
 		return;
 	}
