updated

Author: waleedlatif1

apps/sim/app/api/tools/confluence/page-properties/route.ts

@@ -238,6 +238,11 @@ export async function PUT(request: NextRequest) {
       return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
     }
 
+    const propertyIdValidation = validateAlphanumericId(propertyId, 'propertyId', 255)
+    if (!propertyIdValidation.isValid) {
+      return NextResponse.json({ error: propertyIdValidation.error }, { status: 400 })
+    }
+
     const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
 
     const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
@@ -315,6 +320,11 @@ export async function DELETE(request: NextRequest) {
       return NextResponse.json({ error: pageIdValidation.error }, { status: 400 })
     }
 
+    const propertyIdValidation = validateAlphanumericId(propertyId, 'propertyId', 255)
+    if (!propertyIdValidation.isValid) {
+      return NextResponse.json({ error: propertyIdValidation.error }, { status: 400 })
+    }
+
     const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
 
     const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')

apps/sim/app/api/tools/confluence/pages/route.ts

@@ -32,15 +32,13 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
     }
 
-    // Use provided cloudId or fetch it if not provided
     const cloudId = providedCloudId || (await getConfluenceCloudId(domain, accessToken))
 
     const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
     if (!cloudIdValidation.isValid) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    // Build the URL with query parameters
     const baseUrl = `https://api.atlassian.com/ex/confluence/${cloudId}/wiki/api/v2/pages`
     const queryParams = new URLSearchParams()
 
@@ -57,7 +55,6 @@ export async function POST(request: NextRequest) {
 
     logger.info(`Fetching Confluence pages from: ${url}`)
 
-    // Make the request to Confluence API with OAuth Bearer token
     const response = await fetch(url, {
       method: 'GET',
       headers: {
@@ -79,7 +76,6 @@ export async function POST(request: NextRequest) {
       } catch (e) {
         logger.error('Could not parse error response as JSON:', e)
 
-        // Try to get the response text for more context
         try {
           const text = await response.text()
           logger.error('Response text:', text)

apps/sim/app/api/tools/confluence/search-in-space/route.ts

@@ -53,15 +53,16 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
-    // Build CQL query
-    let cql = `space = "${spaceKey}"`
+    const escapeCqlValue = (value: string) => value.replace(/"/g, '\\"')
+
+    let cql = `space = "${escapeCqlValue(spaceKey)}"`
 
     if (query) {
-      cql += ` AND text ~ "${query}"`
+      cql += ` AND text ~ "${escapeCqlValue(query)}"`
     }
 
     if (contentType) {
-      cql += ` AND type = "${contentType}"`
+      cql += ` AND type = "${escapeCqlValue(contentType)}"`
     }
 
     const searchParams = new URLSearchParams({

apps/sim/app/api/tools/confluence/search/route.ts

@@ -42,8 +42,10 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
     }
 
+    const escapeCqlValue = (value: string) => value.replace(/"/g, '\\"')
+
     const searchParams = new URLSearchParams({
-      cql: `text ~ "${query}"`,
+      cql: `text ~ "${escapeCqlValue(query)}"`,
       limit: limit.toString(),
     })