From d8254c4d9aa89aa5bf2ba549502386ffa844bfbf Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Fri, 20 Jun 2025 18:36:21 +0530
Subject: [PATCH] Update orbit-app/src/pages/profile.jsx in branch Precogs-fix-5mbcj0zo
---
 orbit-app/src/pages/profile.jsx | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/orbit-app/src/pages/profile.jsx b/orbit-app/src/pages/profile.jsx
index 782625e..b32e214 100644
--- a/orbit-app/src/pages/profile.jsx
+++ b/orbit-app/src/pages/profile.jsx
@@ -15,10 +15,13 @@ export const deleteUser = async (userId) => {
 return response.data;
 };
 
-export const fetchUserProfile = async (userId) => {
- const response = await axios.get(`${BASE_URL}/get-user/${userId}`);
+async (userId) => {
+ if (!/^[a-zA-Z0-9_-]+$/.test(userId)) { // Validate userId against a whitelist of allowed characters
+ throw new Error('Invalid userId');
+ }
+ const response = await axios.get(`${BASE_URL}/get-user/${encodeURIComponent(userId)}`); // Encode userId to prevent injection
 return response.data;
-};
+}
 
 function Profile() {
 const [userData, setUserData] = useState({});
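Review bot: The rewritten head `async (userId) => {` drops both `export` and the name `fetchUserProfile`, so the new validation lives in an anonymous arrow expression that nothing can call, and any module that imports `fetchUserProfile` loses its binding. Keep the original declaration and terminator around the new body: `export const fetchUserProfile = async (userId) => {` and a closing `};`. Separately, `RegExp.prototype.test` coerces its argument to a string, so `undefined` and `null` pass the allowlist as the text "undefined"/"null"; assuming ids arrive as strings, `if (typeof userId !== 'string' || !/^[a-zA-Z0-9_-]+$/.test(userId)) {` closes that gap. This check runs in the client and is input hygiene only, so the `/get-user/` endpoint still needs to validate the id and authorize the caller on the server side.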