]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/controllers/api/users/my-history.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't inject untrusted input
[github/Chocobozzz/PeerTube.git] / server / controllers / api / users / my-history.ts
diff --git a/server/controllers/api/users/my-history.ts b/server/controllers/api/users/my-history.ts
index bc5b40f59ab3446fd1affa7699e312fa264d3ec8..e6d3e86ac42466939c53692c3130df62aee7a8e0 100644 (file)
--- a/server/controllers/api/users/my-history.ts
+++ b/server/controllers/api/users/my-history.ts
@@ -1,3 +1,4 @@
+import { forceNumber } from '@shared/core-utils'
 import express from 'express'
 import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { getFormattedObjects } from '../../../helpers/utils'
@@ -55,7 +56,7 @@ async function listMyVideosHistory (req: express.Request, res: express.Response)
 async function removeUserHistoryElement (req: express.Request, res: express.Response) {
   const user = res.locals.oauth.token.User
 
-  await UserVideoHistoryModel.removeUserHistoryElement(user, parseInt(req.params.videoId + ''))
+  await UserVideoHistoryModel.removeUserHistoryElement(user, forceNumber(req.params.videoId))
 
   return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
 }
ActivityPub-federated video streaming platform using P2P directly in your web browser