]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/middlewares/validators/abuse.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't inject untrusted input
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / abuse.ts
diff --git a/server/middlewares/validators/abuse.ts b/server/middlewares/validators/abuse.ts
index 9b94008ce2977a26d2dfd4136f087f2a89449dd4..70bae17758d48a8308529d862e5f9a22e7971036 100644 (file)
--- a/server/middlewares/validators/abuse.ts
+++ b/server/middlewares/validators/abuse.ts
@@ -18,6 +18,7 @@ import { AbuseMessageModel } from '@server/models/abuse/abuse-message'
 import { AbuseCreate, UserRight } from '@shared/models'
 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
 import { areValidationErrors, doesAbuseExist, doesAccountIdExist, doesCommentIdExist, doesVideoExist } from './shared'
+import { forceNumber } from '@shared/core-utils'
 
 const abuseReportValidator = [
   body('account.id')
@@ -216,7 +217,7 @@ const deleteAbuseMessageValidator = [
     const user = res.locals.oauth.token.user
     const abuse = res.locals.abuse
 
-    const messageId = parseInt(req.params.messageId + '', 10)
+    const messageId = forceNumber(req.params.messageId)
     const abuseMessage = await AbuseMessageModel.loadByIdAndAbuseId(messageId, abuse.id)
 
     if (!abuseMessage) {
ActivityPub-federated video streaming platform using P2P directly in your web browser