From 7474fdd08fd937254b4b7e4d71b14eb222fe85aa Mon Sep 17 00:00:00 2001
From: Javier Marcos <1271349+javuto@users.noreply.github.com>
Date: Tue, 24 Feb 2026 00:24:29 +0100
Subject: [PATCH 1/2] Filter hostname on environment edit action

---
 cmd/admin/handlers/post.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/admin/handlers/post.go b/cmd/admin/handlers/post.go
index ece64fd1..46ee6cd9 100644
--- a/cmd/admin/handlers/post.go
+++ b/cmd/admin/handlers/post.go
@@ -883,6 +883,10 @@ func (h *HandlersAdmin) EnvsPOSTHandler(w http.ResponseWriter, r *http.Request)
 			adminErrorResponse(w, "invalid environment UUID", http.StatusInternalServerError, nil)
 			return
 		}
+		if !environments.HostnameFilter(c.Hostname) {
+			adminErrorResponse(w, "invalid hostname", http.StatusInternalServerError, nil)
+			return
+		}
 		if h.Envs.Exists(c.UUID) {
 			if err := h.Envs.UpdateHostname(c.UUID, c.Hostname); err != nil {
 				adminErrorResponse(w, "error updating hostname", http.StatusInternalServerError, err)

From 8997ba99ee5e5301878bc08830dad18cb03436e1 Mon Sep 17 00:00:00 2001
From: Javier Marcos <1271349+javuto@users.noreply.github.com>
Date: Tue, 24 Feb 2026 00:34:51 +0100
Subject: [PATCH 2/2] Using StatusBadRequest as error

---
 cmd/admin/handlers/post.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cmd/admin/handlers/post.go b/cmd/admin/handlers/post.go
index 46ee6cd9..7c6477e5 100644
--- a/cmd/admin/handlers/post.go
+++ b/cmd/admin/handlers/post.go
@@ -817,7 +817,7 @@ func (h *HandlersAdmin) EnvsPOSTHandler(w http.ResponseWriter, r *http.Request)
 	case "create":
 		//  Verify request fields
 		if !environments.VerifyEnvFilters(c.Name, c.Icon, c.Type, c.Hostname) {
-			adminErrorResponse(w, "invalid data", http.StatusInternalServerError, nil)
+			adminErrorResponse(w, "invalid data", http.StatusBadRequest, nil)
 			return
 		}
 		// Proceed with request data
@@ -867,7 +867,7 @@ func (h *HandlersAdmin) EnvsPOSTHandler(w http.ResponseWriter, r *http.Request)
 	case "delete":
 		//  Verify request fields
 		if !environments.EnvNameFilter(c.Name) {
-			adminErrorResponse(w, "invalid environment name", http.StatusInternalServerError, nil)
+			adminErrorResponse(w, "invalid environment name", http.StatusBadRequest, nil)
 			return
 		}
 		if h.Envs.Exists(c.Name) {
@@ -880,11 +880,11 @@ func (h *HandlersAdmin) EnvsPOSTHandler(w http.ResponseWriter, r *http.Request)
 	case "edit":
 		//  Verify request fields
 		if !environments.EnvUUIDFilter(c.UUID) {
-			adminErrorResponse(w, "invalid environment UUID", http.StatusInternalServerError, nil)
+			adminErrorResponse(w, "invalid environment UUID", http.StatusBadRequest, nil)
 			return
 		}
 		if !environments.HostnameFilter(c.Hostname) {
-			adminErrorResponse(w, "invalid hostname", http.StatusInternalServerError, nil)
+			adminErrorResponse(w, "invalid hostname", http.StatusBadRequest, nil)
 			return
 		}
 		if h.Envs.Exists(c.UUID) {