})
}
+function isSafePeerTubeFilenameWithoutExtension (filename: string) {
+ return filename.match(/^[a-z0-9-]+$/)
+}
+
function isArray (value: any): value is any[] {
return Array.isArray(value)
}
areUUIDsValid,
toIntArray,
isFileValid,
+ isSafePeerTubeFilenameWithoutExtension,
checkMimetypeRegex
}
import { query } from 'express-validator'
import LRUCache from 'lru-cache'
import { basename, dirname } from 'path'
-import { exists, isUUIDValid, toBooleanOrNull } from '@server/helpers/custom-validators/misc'
+import { exists, isSafePeerTubeFilenameWithoutExtension, isUUIDValid, toBooleanOrNull } from '@server/helpers/custom-validators/misc'
import { logger } from '@server/helpers/logger'
import { LRU_CACHE } from '@server/initializers/constants'
import { VideoModel } from '@server/models/video/video'
.customSanitizer(toBooleanOrNull)
.isBoolean().withMessage('Should be a valid reinjectVideoFileToken boolean'),
+ query('playlistName')
+ .optional()
+ .customSanitizer(isSafePeerTubeFilenameWithoutExtension),
+
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
if (areValidationErrors(req, res)) return