authorChocobozzz <me@florianbigard.com>2022-11-15 14:41:55 +0100
committerChocobozzz <me@florianbigard.com>2022-11-15 14:41:55 +0100
commit4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch)
tree3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/middlewares/pagination.ts
parent6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff)
Don't inject untrusted input
Even if it's already checked in middlewares, it's better to have safe models too
Diffstat (limited to 'server/middlewares/pagination.ts')
-rw-r--r--server/middlewares/pagination.ts5
1 files changed, 3 insertions, 2 deletions
diff --git a/server/middlewares/pagination.ts b/server/middlewares/pagination.ts
index 9812af9e4..17e43f743 100644
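--- a/server/middlewares/pagination.ts
+++ b/server/middlewares/pagination.ts
@@ -1,12 +1,13 @@
 import express from 'express'
+import { forceNumber } from '@shared/core-utils'
 import { PAGINATION } from '../initializers/constants'
 
 function setDefaultPagination (req: express.Request, res: express.Response, next: express.NextFunction) {
  if (!req.query.start) req.query.start = 0
- else req.query.start = parseInt(req.query.start, 10)
+ else req.query.start = forceNumber(req.query.start)
 
  if (!req.query.count) req.query.count = PAGINATION.GLOBAL.COUNT.DEFAULT
- else req.query.count = parseInt(req.query.count, 10)
+ else req.query.count = forceNumber(req.query.count)
 
  return next()
 }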
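Review bot: The value returned by `forceNumber` is written to `req.query.start` and `req.query.count` in `setDefaultPagination` without checking that it is a finite, non-negative integer. `forceNumber` is defined outside this page, so whether it rejects non-numeric input or returns `NaN` for it cannot be confirmed here. Express may also pass an array or a nested object when a query parameter is repeated or bracketed, so the input is not guaranteed to be a string. If this middleware can run before the pagination validators, a local guard would keep `NaN` or a negative offset away from later consumers: `const start = forceNumber(req.query.start)` followed by `req.query.start = Number.isInteger(start) && start >= 0 ? start : 0`. The same applies to `count`, falling back to `PAGINATION.GLOBAL.COUNT.DEFAULT`.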