From 8c3a06b85fdbe5896a3c266dd859474c80a932e3 Mon Sep 17 00:00:00 2001
From: Geovane <87013843+Geovane2Dev@users.noreply.github.com>
Date: Sat, 3 May 2025 21:32:09 +0000
Subject: [PATCH] Potential fix for code scanning alert no. 16: Server-side request forgery

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 pages/api/all/[ticket].js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pages/api/all/[ticket].js b/pages/api/all/[ticket].js
index d476646..08108de 100644
--- a/pages/api/all/[ticket].js
+++ b/pages/api/all/[ticket].js
@@ -17,9 +17,11 @@ export default function handler(req, res) {
 return res.status(400).json({ error: `Ticket not found in the available list. Go to ${process.env.URL}/api/fundamentus/available` });
 }

+ const validatedTicket = stockData.ticker; // Use the validated ticker from stockList
+
 return Promise.all([
- axios.get(`${process.env.URL}/api/fundamentus/${ticket}`),
- axios.get(`${process.env.URL}/api/quote/${ticket}`)
+ axios.get(`${process.env.URL}/api/fundamentus/${validatedTicket}`),
+ axios.get(`${process.env.URL}/api/quote/${validatedTicket}`)
 ]).then(([fundamentusData, quoteData]) => {
 const combinedData = {
 ticket: ticket,
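Review bot: The new `validatedTicket` is still interpolated into both request paths unencoded, so the outgoing URL is only as safe as the contents of `stockList` and the lookup that produces `stockData`, neither of which is visible in this hunk. If that list is populated from external data, or the match is looser than exact equality, `const validatedTicket = encodeURIComponent(stockData.ticker);` would keep a `/`, `?` or `#` in an entry from changing the target route; a short comment stating where `stockList` comes from would also help the next reviewer judge the alert as resolved. The context line `ticket: ticket,` in `combinedData` still echoes the raw request value, and `ticket: validatedTicket,` would make the response match what was actually fetched. The body of `handler` starts and ends outside the hunk.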