From 3947b0bba1273ee35854418bcb25b4e8eab2df41 Mon Sep 17 00:00:00 2001
From: Nawaz Dhandala <hello@nawazdhandala.com>
Date: Fri, 16 Jan 2026 10:29:20 +0000
Subject: [PATCH] fix: Enhance UUID validation in ObjectID and ProjectUtil
 classes

---
 Common/Types/ObjectID.ts   | 4 ++--
 Common/UI/Utils/Project.ts | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Common/Types/ObjectID.ts b/Common/Types/ObjectID.ts
index 7f292e772e..95f73dfe48 100644
--- a/Common/Types/ObjectID.ts
+++ b/Common/Types/ObjectID.ts
@@ -120,10 +120,10 @@ export default class ObjectID extends DatabaseProperty {
    * Check if a string is a valid UUID format
    */
   public static isValidUUID(id: string): boolean {
-    if (!id || typeof id !== "string") {
+    if (!id) {
       return false;
     }
-    return UUID_REGEX.test(id);
+    return UUID_REGEX.test(id.toString());
   }
 
   /**
diff --git a/Common/UI/Utils/Project.ts b/Common/UI/Utils/Project.ts
index 6d661d2564..0b9239cf3c 100644
--- a/Common/UI/Utils/Project.ts
+++ b/Common/UI/Utils/Project.ts
@@ -20,7 +20,7 @@ export default class ProjectUtil {
       `current_project_id`,
     ) as string;
 
-    if (currentProjectId) {
+    if (currentProjectId && ObjectID.isValidUUID(currentProjectId)) {
       return new ObjectID(currentProjectId);
     }
 
@@ -30,7 +30,9 @@ export default class ProjectUtil {
       projectId = undefined;
     }
 
-    if (projectId) {
+    // Only return the projectId if it's a valid UUID
+    // This prevents URL path segments like "email", "subscribe" etc. from being used as project IDs
+    if (projectId && ObjectID.isValidUUID(projectId)) {
       return new ObjectID(projectId);
     }