X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fhelpers%2Fcustom-validators%2Fmisc.ts;h=ebab4c6b244ba1277a0424c089e535fd9faac131;hb=2a4c0d8bbe29178ae90e776bb9453f86e6d23bd9;hp=17750379de66946b186ef7d476b50ac1957891cf;hpb=863477173efa82a4412d2e522aa46462249f9199;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/helpers/custom-validators/misc.ts b/server/helpers/custom-validators/misc.ts
index 17750379d..ebab4c6b2 100644
--- a/server/helpers/custom-validators/misc.ts
+++ b/server/helpers/custom-validators/misc.ts
@@ -15,6 +15,10 @@ function isSafePath (p: string) {
     })
 }
 
+function isSafePeerTubeFilenameWithoutExtension (filename: string) {
+  return filename.match(/^[a-z0-9-]+$/)
+}
+
 function isArray (value: any): value is any[] {
   return Array.isArray(value)
 }
@@ -86,7 +90,7 @@ function isFileValid (options: {
 
   // The file exists
   const file = fileArray[0]
-  if (!file || !file.originalname) return false
+  if (!file?.originalname) return false
 
   // Check size
   if ((maxSize !== null) && file.size > maxSize) return false
@@ -103,7 +107,13 @@ function checkMimetypeRegex (fileMimeType: string, mimeTypeRegex: string) {
 // ---------------------------------------------------------------------------
 
 function toCompleteUUID (value: string) {
-  if (isShortUUID(value)) return shortToUUID(value)
+  if (isShortUUID(value)) {
+    try {
+      return shortToUUID(value)
+    } catch {
+      return null
+    }
+  }
 
   return value
 }
@@ -166,5 +176,6 @@ export {
   areUUIDsValid,
   toIntArray,
   isFileValid,
+  isSafePeerTubeFilenameWithoutExtension,
   checkMimetypeRegex
 }