From 3128cbaefba92fc64ae82081230430a0de183911 Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Thu, 14 Mar 2024 10:30:18 +0100
Subject: [PATCH] Dont allow `/` in article title (fixes #25)

---
 src/backend/api/article.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/backend/api/article.rs b/src/backend/api/article.rs
index 1cc456a..65ec48e 100644
--- a/src/backend/api/article.rs
+++ b/src/backend/api/article.rs
@@ -47,6 +47,9 @@ pub(in crate::backend::api) async fn create_article(
     if create_article.title.is_empty() {
         return Err(anyhow!("Title must not be empty").into());
     }
+    if create_article.title.contains('/') {
+        return Err(anyhow!("Invalid character `/`").into());
+    }
 
     let local_instance = DbInstance::read_local_instance(&data)?;
     let escaped_title = create_article.title.replace(' ', "_");