From bb4c41be3e3b58fe6011fcb2359502ebe0a04707 Mon Sep 17 00:00:00 2001
From: Sprite <noreply@sprite.dev>
Date: Sat, 7 Feb 2026 19:51:36 +0000
Subject: [PATCH] Add validate_model_id function to digitalocean/lib/common.sh

---
 digitalocean/lib/common.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/digitalocean/lib/common.sh b/digitalocean/lib/common.sh
index f017ea01..94b925fa 100755
--- a/digitalocean/lib/common.sh
+++ b/digitalocean/lib/common.sh
@@ -66,6 +66,18 @@ open_browser() {
     fi
 }
 
+# Validate model ID to prevent command injection
+validate_model_id() {
+    local model_id="$1"
+    if [[ -z "$model_id" ]]; then return 0; fi
+    if [[ ! "$model_id" =~ ^[a-zA-Z0-9/_:.-]+$ ]]; then
+        log_error "Invalid model ID: contains unsafe characters"
+        log_error "Model IDs should only contain: letters, numbers, /, -, _, :, ."
+        return 1
+    fi
+    return 0
+}
+
 # Manually prompt for API key
 get_openrouter_api_key_manual() {
     echo ""