From 3b417ebbf948b794dde5f1192ca8710c82f90075 Mon Sep 17 00:00:00 2001
From: Felix Eckhofer <felix@eckhofer.com>
Date: Fri, 27 Dec 2024 03:09:51 +0100
Subject: [PATCH] Add note

---
 app/models/session.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/models/session.rb b/app/models/session.rb
index ffeaad4..bfc2247 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -13,6 +13,7 @@ class Session < ApplicationRecord
   scope :future, -> { where(starts_at: Time.now..) }
 
   validates :ref_id, uniqueness: { scope: :conference_id }
+  # ref_id is used as part of a path, so make sure its safe
   validates :ref_id, format: { with: /\A[0-9a-fA-F-]+\z/, message: "only allows hexadecimal characters and minus" }
 
   after_update :notify_if_changed
-- 
GitLab