]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/middlewares/validators/shared/video-ownerships.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Don't inject untrusted input
[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / shared / video-ownerships.ts
diff --git a/server/middlewares/validators/shared/video-ownerships.ts b/server/middlewares/validators/shared/video-ownerships.ts
index 93a23ef40ee6f0985502eff43c2dd35c6e3c657d..33ac9c8b69eefccf23c6d4836509748638a6970e 100644 (file)
--- a/server/middlewares/validators/shared/video-ownerships.ts
+++ b/server/middlewares/validators/shared/video-ownerships.ts
@@ -1,9 +1,10 @@
-import * as express from 'express'
+import express from 'express'
 import { VideoChangeOwnershipModel } from '@server/models/video/video-change-ownership'
+import { forceNumber } from '@shared/core-utils'
 import { HttpStatusCode } from '@shared/models'
 
 async function doesChangeVideoOwnershipExist (idArg: number | string, res: express.Response) {
-  const id = parseInt(idArg + '', 10)
+  const id = forceNumber(idArg)
   const videoChangeOwnership = await VideoChangeOwnershipModel.load(id)
 
   if (!videoChangeOwnership) {
ActivityPub-federated video streaming platform using P2P directly in your web browser