From ec0766abc53a9ed947588f22aea064cc5e039f05 Mon Sep 17 00:00:00 2001
From: Guillermo Roche
Date: Sun, 8 Mar 2026 20:40:47 +0000
Subject: [PATCH] Fix vulnerability founded by Paco Santos II
---
 Cargo.lock | 2 +-
 src/rewrite_links/links_to_rewrite.rs | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 876f67f..9c1e356 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1382,7 +1382,7 @@ dependencies = [
 
 [[package]]
 name = "mini_admin_bot"
-version = "0.2.6"
+version = "0.2.7"
 dependencies = [
  "anyhow",
  "chrono",
diff --git a/src/rewrite_links/links_to_rewrite.rs b/src/rewrite_links/links_to_rewrite.rs
index e40555e..3a9dc14 100644
--- a/src/rewrite_links/links_to_rewrite.rs
+++ b/src/rewrite_links/links_to_rewrite.rs
@@ -36,7 +36,7 @@ pub fn check_domains(text: String) -> bool {
 pub fn get_domain_from_text(text: String) -> (String, String) {
 for word in text.split(' ') {
 for domain in URLS.keys() {
- if get_domain(word.to_string()).contains(domain) {
+ if get_domain(word.to_string()).ends_with(domain) {
 if URLS[domain].1 {
 let url = match get_tiktok_redirection(String::from(word)) {
 Ok(furl) => furl,
@@ -126,12 +126,23 @@ fn test_rewrite_instagram_message() {
 }
 
 #[test]
-fn test_bad_redirect_instagram() {
+fn test_bad_url_redirect_instagram() {
 let url_and_domain =
 get_domain_from_text("enlace: https://dominiofake.com/instagram.com espectacular".to_string());
 let domain = filter_string(url_and_domain.0, url_and_domain.1);
- assert_ne!(
+ assert_eq!(
 domain,
- Some("https://dominiofake.com/kkinstagram.com".to_string())
+ None
+ );
+}
+
+#[test]
+fn test_bad_domain_redirect_instagram() {
+ let url_and_domain =
+ get_domain_from_text("enlace: https://www.instagram.com.pepe.es/reel/DJAE4JXSvHn/ espectacular".to_string());
+ let domain = filter_string(url_and_domain.0, url_and_domain.1);
+ assert_eq!(
+ domain,
+ None
 );
 }
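Review bot: In `get_domain_from_text` (src/rewrite_links/links_to_rewrite.rs), `ends_with(domain)` is a plain string-suffix test with no label boundary, so a host that only shares the trailing characters of a listed name (constructed example: `notinstagram.com`) would still be treated as that domain. Match the whole host or a dot-delimited suffix instead, e.g. `let host = get_domain(word.to_string());` followed by `if host == *domain || host.ends_with(&format!(".{domain}")) {`, adjusted to the key type of `URLS`, which is not visible here. `get_domain` is also outside the hunk, so it is worth confirming that it returns only the hostname, without userinfo, port or path, before the comparison relies on it. The function body continues past the end of the hunk.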
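Review bot: The two negative tests in the last hunk of links_to_rewrite.rs cover a trusted name embedded in the path and a trusted name used as a left-hand label, but nothing pins a host that merely ends in the same characters without a dot boundary, which a suffix comparison would presumably accept. A third regression test asserting `None` for such a host would close that gap; it is expected to fail until the host comparison requires an exact match or a `.`-delimited suffix. Assuming it is not already covered outside the hunk, a positive case for a legitimate subdomain such as `www.instagram.com` would also pin that the tightened check still rewrites real links.

```rust
#[test]
fn test_bad_suffix_redirect_instagram() {
    // Constructed host: ends with the trusted name but is a different registrable domain.
    let url_and_domain = get_domain_from_text(
        "enlace: https://notinstagram.com/reel/DJAE4JXSvHn/ espectacular".to_string(),
    );
    let domain = filter_string(url_and_domain.0, url_and_domain.1);
    assert_eq!(domain, None);
}
```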