Don't inject untrusted input

[github/Chocobozzz/PeerTube.git] / server / models / server / plugin.ts

diff --git a/server/models/server/plugin.ts b/server/models/server/plugin.ts
index fa5b4cc4b3c51d9b99316712d57801ec8ea1b4dd..6a5d801823f42b0768c38357f168f620c10bebcd 100644 (file)
--- a/server/models/server/plugin.ts
+++ b/server/models/server/plugin.ts
@@ -7,8 +7,9 @@ import {
   isPluginDescriptionValid,
   isPluginHomepage,
   isPluginNameValid,
-  isPluginTypeValid,
-  isPluginVersionValid
+  isPluginStableOrUnstableVersionValid,
+  isPluginStableVersionValid,
+  isPluginTypeValid
 } from '../../helpers/custom-validators/plugins'
 import { getSort, throwIfNotValid } from '../utils'
 
@@ -40,12 +41,12 @@ export class PluginModel extends Model<Partial<AttributesOnly<PluginModel>>> {
   type: number
 
   @AllowNull(false)
-  @Is('PluginVersion', value => throwIfNotValid(value, isPluginVersionValid, 'version'))
+  @Is('PluginVersion', value => throwIfNotValid(value, isPluginStableOrUnstableVersionValid, 'version'))
   @Column
   version: string
 
   @AllowNull(true)
-  @Is('PluginLatestVersion', value => throwIfNotValid(value, isPluginVersionValid, 'version'))
+  @Is('PluginLatestVersion', value => throwIfNotValid(value, isPluginStableVersionValid, 'version'))
   @Column
   latestVersion: string