diff --git a/src/Route/Download.php b/src/Route/Download.php index b3e9718..50db9cf 100644 --- a/src/Route/Download.php +++ b/src/Route/Download.php @@ -79,7 +79,7 @@ public function handle( Request $request ): Response { throw HttpException::forForbiddenResource(); } - $slug = sanitize_key( $request['slug'] ); + $slug = preg_replace( '/[^A-Za-z0-9_\-]+/i', '', $request['slug'] ); if ( empty( $slug ) ) { throw HttpException::forUnknownPackage( $slug ); }