force to escape path if regular expression is invalid

src/server/models/page.js

@@ -188,7 +188,16 @@ class PageQueryBuilder {
       ? escapeStringRegexp(path) // escape
       : pathSlashOmitted;
 
-    const queryReg = new RegExp(`^${pattern}`);
+    let queryReg;
+    try {
+      queryReg = new RegExp(`^${pattern}`);
+    }
+    // if regular expression is invalid
+    catch (e) {
+      // force to escape
+      queryReg = new RegExp(`^${escapeStringRegexp(pattern)}`);
+    }
+
     pathCondition.push({ path: queryReg });
 
     this.query = this.query

src/server/routes/page.js

@@ -252,7 +252,7 @@ module.exports = function(crowi, app) {
     addRendarVarsForScope(renderVars, page);
 
     await addRenderVarsForSlack(renderVars, page);
-    await addRenderVarsForDescendants(renderVars, path, req.user, offset, limit);
+    await addRenderVarsForDescendants(renderVars, path, req.user, offset, limit, true);
 
     if (isUserPage(page.path)) {
       // change template