From 32313928eb9ce906887b8a30bf7b9a3d5c0de1be Mon Sep 17 00:00:00 2001
From: Nijat <87544644+0xs1ash@users.noreply.github.com>
Date: Tue, 24 Dec 2024 17:15:34 +0400
Subject: [PATCH] Update roxy.py

---
 app/modules/roxywi/roxy.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/modules/roxywi/roxy.py b/app/modules/roxywi/roxy.py
index 9bb850ec..7a7f97bb 100644
--- a/app/modules/roxywi/roxy.py
+++ b/app/modules/roxywi/roxy.py
@@ -100,6 +100,8 @@ def action_service(action: str, service: str) -> str:
 		'stop': 'disable --now',
 		'restart': 'restart',
 	}
+	if not re.match(r'^[a-zA-Z0-9\.\-]+$', service):
+			return f"Invalid service name: {service}. Only alphanumeric characters, dots, and hyphens are allowed."
 	cmd = f"sudo systemctl {actions[action]} {service}"
 	if not roxy_sql.select_user_status():
 		return 'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing" ' \