From 012e5b2b4e2866b24f90755dafe7f62584e3e6af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?William=20Herg=C3=A8s?= <william@herges.fr>
Date: Tue, 30 Dec 2025 19:10:39 +0100
Subject: fix(storage): enforce target and ref checking for stats

---
 backend/storage/stats.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'backend')

diff --git a/backend/storage/stats.go b/backend/storage/stats.go
index 76d1c82..345164e 100644
--- a/backend/storage/stats.go
+++ b/backend/storage/stats.go
@@ -57,6 +57,9 @@ const HumanPageLoad = "/assets/styles.css"
 
 func UpdateStats(ctx context.Context, r *http.Request, domain string) error {
 	target := r.URL.Path
+	if !strings.HasPrefix(target, "/") {
+		target = "/" + target
+	}
 	if strings.HasPrefix(target, "/admin") {
 		return nil
 	}
@@ -71,6 +74,9 @@ func UpdateStats(ctx context.Context, r *http.Request, domain string) error {
 	ref = refUrl.Host
 	if ref == domain || ref == fmt.Sprintf("localhost:%d", 8000) {
 		ref = refUrl.Path
+		if !strings.HasPrefix(ref, "/") {
+			ref = "/" + ref
+		}
 		if ref == target || strings.HasPrefix(ref, "/admin") || ref == "/favicon.ico" {
 			return nil
 		}
-- 
cgit v1.2.3