lib/sidekiq/web/application.rb in sidekiq-6.2.0 vs lib/sidekiq/web/application.rb in sidekiq-6.2.1
- old
+ new
@@ -80,13 +80,15 @@
@queues = Sidekiq::Queue.all
erb(:queues)
end
+ QUEUE_NAME = /\A[a-z_:.\-0-9]+\z/i
+
get "/queues/:name" do
@name = route_params[:name]
- halt(404) unless @name
+ halt(404) if !@name || @name !~ QUEUE_NAME
@count = (params["count"] || 25).to_i
@queue = Sidekiq::Queue.new(@name)
(@current_page, @total_size, @messages) = page("queue:#{@name}", params["page"], @count, reverse: params["direction"] == "asc")
@messages = @messages.map { |msg| Sidekiq::Job.new(msg, @name) }
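Review bot: The `QUEUE_NAME` allow-list is enforced only in this `get "/queues/:name"` handler, on the `halt(404)` line. Any other route that reads `route_params[:name]` (none is visible in this hunk) would still pass an unchecked name to `Sidekiq::Queue.new` or into a `"queue:#{...}"` key. If such routes exist, put the check in one small helper that they all call, so the rule cannot drift between handlers. The constant also needs a comment saying why it exists, for example `# Allow-list for queue names taken from the URL; anything else is answered with 404 before it is used as a Redis key.` The handler body continues past the end of the hunk, so how `@name` is rendered afterwards cannot be confirmed from here.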