X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=server%2Fhelpers%2Fcustom-validators%2Fmisc.ts;h=cf32201c411a6532e6c002c88282b699657ddee7;hb=134cf2bce96a8c5aefd55154e884964975d8cf23;hp=a093e3e1b8eaac1d2bfc7675c22f02cd22e922a4;hpb=cef534ed53e4518fe0acf581bfe880788d42fc36;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/helpers/custom-validators/misc.ts b/server/helpers/custom-validators/misc.ts
index a093e3e1b..cf32201c4 100644
--- a/server/helpers/custom-validators/misc.ts
+++ b/server/helpers/custom-validators/misc.ts
@@ -1,16 +1,28 @@
 import 'multer'
-import * as validator from 'validator'
+import validator from 'validator'
+import { sep } from 'path'
 
 function exists (value: any) {
   return value !== undefined && value !== null
 }
 
+function isSafePath (p: string) {
+  return exists(p) &&
+    (p + '').split(sep).every(part => {
+      return [ '..' ].includes(part) === false
+    })
+}
+
 function isArray (value: any) {
   return Array.isArray(value)
 }
 
-function isIntArray (value: any) {
-  return Array.isArray(value) && value.every(v => validator.isInt('' + v))
+function isNotEmptyIntArray (value: any) {
+  return Array.isArray(value) && value.every(v => validator.isInt('' + v)) && value.length !== 0
+}
+
+function isArrayOf (value: any, validator: (value: any) => boolean) {
+  return isArray(value) && value.every(v => validator(v))
 }
 
 function isDateValid (value: string) {
@@ -34,9 +46,21 @@ function isBooleanValid (value: any) {
 }
 
 function toIntOrNull (value: string) {
-  if (value === 'null') return null
+  const v = toValueOrNull(value)
+
+  if (v === null || v === undefined) return v
+  if (typeof v === 'number') return v
 
-  return validator.toInt(value)
+  return validator.toInt('' + v)
+}
+
+function toBooleanOrNull (value: any) {
+  const v = toValueOrNull(value)
+
+  if (v === null || v === undefined) return v
+  if (typeof v === 'boolean') return v
+
+  return validator.toBoolean('' + v)
 }
 
 function toValueOrNull (value: string) {
@@ -45,12 +69,19 @@ function toValueOrNull (value: string) {
   return value
 }
 
-function toArray (value: string) {
+function toArray (value: any) {
   if (value && isArray(value) === false) return [ value ]
 
   return value
 }
 
+function toIntArray (value: any) {
+  if (!value) return []
+  if (isArray(value) === false) return [ validator.toInt(value) ]
+
+  return value.map(v => validator.toInt(v))
+}
+
 function isFileValid (
   files: { [ fieldname: string ]: Express.Multer.File[] } | Express.Multer.File[],
   mimeTypeRegex: string,
@@ -63,13 +94,13 @@ function isFileValid (
   if (isArray(files)) return optional
 
   // Should have a file
-  const fileArray = files[ field ]
+  const fileArray = files[field]
   if (!fileArray || fileArray.length === 0) {
     return optional
   }
 
   // The file should exist
-  const file = fileArray[ 0 ]
+  const file = fileArray[0]
   if (!file || !file.originalname) return false
 
   // Check size
@@ -82,15 +113,19 @@ function isFileValid (
 
 export {
   exists,
-  isIntArray,
+  isArrayOf,
+  isNotEmptyIntArray,
   isArray,
   isIdValid,
+  isSafePath,
   isUUIDValid,
   isIdOrUUIDValid,
   isDateValid,
   toValueOrNull,
+  toBooleanOrNull,
   isBooleanValid,
   toIntOrNull,
   toArray,
+  toIntArray,
   isFileValid
 }