From b98346f3c3ffbc14868bf4b0e7b5f1c73da81dd4 Mon Sep 17 00:00:00 2001
From: ShadowArcanist <162910371+ShadowArcanist@users.noreply.github.com>
Date: Sun, 29 Mar 2026 03:02:15 +0530
Subject: [PATCH] fix(validation): validate cron expressions in update backup
 API endpoint

---
 app/Http/Controllers/Api/DatabasesController.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/Api/DatabasesController.php b/app/Http/Controllers/Api/DatabasesController.php
index a73bde1ae..856649b91 100644
--- a/app/Http/Controllers/Api/DatabasesController.php
+++ b/app/Http/Controllers/Api/DatabasesController.php
@@ -928,7 +928,7 @@ public function update_backup(Request $request)
             'dump_all' => 'boolean',
             's3_storage_uuid' => 'string|exists:s3_storages,uuid|nullable',
             'databases_to_backup' => 'string|nullable',
-            'frequency' => 'string|in:every_minute,hourly,daily,weekly,monthly,yearly',
+            'frequency' => 'string',
             'database_backup_retention_amount_locally' => 'integer|min:0',
             'database_backup_retention_days_locally' => 'integer|min:0',
             'database_backup_retention_max_storage_locally' => 'integer|min:0',
@@ -962,6 +962,17 @@ public function update_backup(Request $request)
 
         $this->authorize('update', $database);
 
+        // Validate frequency is a valid cron expression
+        if ($request->filled('frequency')) {
+            $isValid = validate_cron_expression($request->frequency);
+            if (! $isValid) {
+                return response()->json([
+                    'message' => 'Validation failed.',
+                    'errors' => ['frequency' => ['Invalid cron expression or frequency format.']],
+                ], 422);
+            }
+        }
+
         if ($request->boolean('save_s3') && ! $request->filled('s3_storage_uuid')) {
             return response()->json([
                 'message' => 'Validation failed.',