fix. query validation

Author: localhost433

api/github-languages.js

@@ -2,8 +2,8 @@ import fetch from "node-fetch";
 
 export default async function handler(req, res) {
   const { repo } = req.query;
-  if (!repo) {
-    return res.status(400).json({ error: "Missing repo query parameter" });
+  if (!repo || typeof repo !== 'string' || !/^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/.test(repo)) {
+    return res.status(400).json({ error: "Invalid or missing repo query parameter" });
   }
 
   const token = process.env.GITHUB_PAT || '';

notes/courses/MATH-UA-334/index.json

@@ -43,5 +43,10 @@
         "slug": "09-method-of-moments",
         "title": "9 - Method of Moments",
         "date": "2026-02-18"
+    },
+    {
+        "slug": "10-maximum-likelihood-estimation",
+        "title": "10 - Maximum Likelihood Estimation",
+        "date": "2026-02-23"
     }
 ]

notes/js/note.js

@@ -64,8 +64,8 @@ fetch(`/notes/courses/${course}/${noteSlug}.md`)
             (_, num) => `<sup id="fnref${num}"><a href="#fn${num}">${num}</a></sup>`
         );
 
-        const back = document.getElementById("back-to-course");
-        back.href = `course.html?id=${encodeURIComponent(course)}`;
+        const back = document.querySelectorAll("#back-to-course, .back-link, .top-back-link");
+        back.forEach(back => back.href = `course.html?id=${encodeURIComponent(course)}`);
 
     const h1 = document.createElement("h1");
     h1.textContent = meta.title || noteSlug;