X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fstatic.ts;h=45d56bcd64da8c6bcbac74fcca69ce2ced143104;hb=b302c80dc0d9ba8eabef9ef6576efe36afc57584;hp=d3d307787a190d8f41efff70572e8e23e315d518;hpb=71e3e879c0616882ee82a0e44f8c2e5ee9698a3e;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/static.ts b/server/middlewares/validators/static.ts
index d3d307787..45d56bcd6 100644
--- a/server/middlewares/validators/static.ts
+++ b/server/middlewares/validators/static.ts
@@ -2,7 +2,7 @@ import express from 'express'
 import { query } from 'express-validator'
 import LRUCache from 'lru-cache'
 import { basename, dirname } from 'path'
-import { exists, isUUIDValid, toBooleanOrNull } from '@server/helpers/custom-validators/misc'
+import { exists, isSafePeerTubeFilenameWithoutExtension, isUUIDValid, toBooleanOrNull } from '@server/helpers/custom-validators/misc'
 import { logger } from '@server/helpers/logger'
 import { LRU_CACHE } from '@server/initializers/constants'
 import { VideoModel } from '@server/models/video/video'
@@ -69,6 +69,10 @@ const ensureCanAccessPrivateVideoHLSFiles = [
     .customSanitizer(toBooleanOrNull)
     .isBoolean().withMessage('Should be a valid reinjectVideoFileToken boolean'),
 
+  query('playlistName')
+    .optional()
+    .customSanitizer(isSafePeerTubeFilenameWithoutExtension),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return