aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/lib
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-11-15 14:41:55 +0100
committerChocobozzz <me@florianbigard.com>2022-11-15 14:41:55 +0100
commit4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch)
tree3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/lib
parent6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff)
downloadPeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.gz
PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.zst
PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.zip
Don't inject untrusted input
Even if it's already checked in middlewares It's better to have safe modals too
Diffstat (limited to 'server/lib')
-rw-r--r--server/lib/activitypub/collection.ts3
1 files changed, 2 insertions, 1 deletions
diff --git a/server/lib/activitypub/collection.ts b/server/lib/activitypub/collection.ts
index f897141ea..a176cab51 100644
--- a/server/lib/activitypub/collection.ts
+++ b/server/lib/activitypub/collection.ts
@@ -3,6 +3,7 @@ import validator from 'validator'
3import { pageToStartAndCount } from '@server/helpers/core-utils' 3import { pageToStartAndCount } from '@server/helpers/core-utils'
4import { ACTIVITY_PUB } from '@server/initializers/constants' 4import { ACTIVITY_PUB } from '@server/initializers/constants'
5import { ResultList } from '@shared/models' 5import { ResultList } from '@shared/models'
6import { forceNumber } from '@shared/core-utils'
6 7
7type ActivityPubCollectionPaginationHandler = (start: number, count: number) => Bluebird<ResultList<any>> | Promise<ResultList<any>> 8type ActivityPubCollectionPaginationHandler = (start: number, count: number) => Bluebird<ResultList<any>> | Promise<ResultList<any>>
8 9
@@ -33,7 +34,7 @@ async function activityPubCollectionPagination (
33 let prev: string | undefined 34 let prev: string | undefined
34 35
35 // Assert page is a number 36 // Assert page is a number
36 page = parseInt(page, 10) 37 page = forceNumber(page)
37 38
38 // There are more results 39 // There are more results
39 if (result.total > page * size) { 40 if (result.total > page * size) {