From 14f046f71aae3f1d9ec93ec1f813ca30d1f79eb4 Mon Sep 17 00:00:00 2001
From: Lncvrt
Date: Tue, 9 Sep 2025 22:49:06 -0700
Subject: [PATCH] Validate chatroom report content
---
 database/reportChatroomMessage.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/database/reportChatroomMessage.php b/database/reportChatroomMessage.php
index c7fb442..21dbb35 100644
--- a/database/reportChatroomMessage.php
+++ b/database/reportChatroomMessage.php
@@ -9,6 +9,10 @@ $reason = $post['reason'] ?? '';
 $token = $post['token'] ?? '';
 $username = $post['username'] ?? '';
+if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~]+$/', $reason)) {
+ exitWithMessage(json_encode(["success" => false]));
+}
+
 $conn = newConnection();
 $stmt = $conn->prepare("SELECT * FROM users WHERE token = ? AND username = ?");
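Review bot: The `$` anchor in the added `preg_match` also matches just before a final newline, so a `$reason` ending in a line feed passes even though newline is not in the character class; end the pattern with `]+\z/` (or add the `D` modifier) so the allowlist holds for the whole string. `$reason` is taken from `$post` without a type check, and how `$post` is built is not visible here, so if it can carry an array, `preg_match` would raise a TypeError on PHP 8 instead of returning the `success => false` response; `if (!is_string($reason) || !preg_match(...))` keeps the rejection path uniform. The class still admits `<`, `>`, `"`, `'` and backtick and sets no upper length, so this check does not replace output encoding wherever the reason is later displayed, and a maximum length is worth adding if none is enforced elsewhere. The script continues past the end of the hunk, so the storage and display of `$reason` could not be checked.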