From a408cf27ccf501bbed9313208a0d8a626fde4fab Mon Sep 17 00:00:00 2001
From: Oleksander Piskun <oleksandr2088@icloud.com>
Date: Thu, 8 Jan 2026 11:38:55 +0200
Subject: [PATCH] fix(daemon-name): check for forbidden character in daemon
 name

Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
---
 lib/Service/DaemonConfigService.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/lib/Service/DaemonConfigService.php b/lib/Service/DaemonConfigService.php
index cf3648c06..07b3e077a 100644
--- a/lib/Service/DaemonConfigService.php
+++ b/lib/Service/DaemonConfigService.php
@@ -31,7 +31,21 @@ public function __construct(
 	) {
 	}
 
+	/**
+	 * Validate that a string does not contain control characters.
+	 * Control characters (0x00-0x1F and 0x7F) can cause issues with URL routing and display.
+	 */
+	private function containsControlCharacters(string $value): bool {
+		return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
+	}
+
 	public function registerDaemonConfig(array $params): ?DaemonConfig {
+		$name = $params['name'] ?? '';
+		if ($name === '' || $this->containsControlCharacters($name)) {
+			$this->logger->error('Failed to register daemon configuration: `name` contains invalid characters or is empty.');
+			return null;
+		}
+
 		if (!isset($params['deploy_config']['net'])) {
 			$this->logger->error('Failed to register daemon configuration: `net` key should be present in the deploy config.');
 			return null;
@@ -133,6 +147,12 @@ public function getDaemonConfigByName(string $name): ?DaemonConfig {
 	}
 
 	public function updateDaemonConfig(DaemonConfig $daemonConfig): ?DaemonConfig {
+		$name = $daemonConfig->getName() ?? '';
+		if ($name === '' || $this->containsControlCharacters($name)) {
+			$this->logger->error('Failed to update daemon configuration: `name` contains invalid characters or is empty.');
+			return null;
+		}
+
 		try {
 			return $this->mapper->update($daemonConfig);
 		} catch (Exception $e) {