author | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
commit | 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch) | |
tree | 3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/models/user/user.ts | |
parent | 6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff) | |
Don't inject untrusted input
Even if it's already checked in middlewares
It's better to have safe models too
Diffstat (limited to 'server/models/user/user.ts')
-rw-r--r-- | server/models/user/user.ts | 15 |
1 files changed, 8 insertions, 7 deletions
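--- a/server/models/user/user.ts
+++ b/server/models/user/user.ts
@@ -70,6 +70,7 @@ import { VideoImportModel } from '../video/video-import'
 import { VideoLiveModel } from '../video/video-live'
 import { VideoPlaylistModel } from '../video/video-playlist'
 import { UserNotificationSettingModel } from './user-notification-setting'
+import { forceNumber } from '@shared/core-utils'
 
 enum ScopeNames {
 FOR_ME_API = 'FOR_ME_API',
@@ -900,27 +901,27 @@ export class UserModel extends Model<Partial<AttributesOnly<UserModel>>> {
 videoQuotaDaily: this.videoQuotaDaily,
 
 videoQuotaUsed: videoQuotaUsed !== undefined
-? parseInt(videoQuotaUsed + '', 10) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
+? forceNumber(videoQuotaUsed) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
 : undefined,
 
 videoQuotaUsedDaily: videoQuotaUsedDaily !== undefined
-? parseInt(videoQuotaUsedDaily + '', 10) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
+? forceNumber(videoQuotaUsedDaily) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
 : undefined,
 
 videosCount: videosCount !== undefined
-? parseInt(videosCount + '', 10)
+? forceNumber(videosCount)
 : undefined,
 abusesCount: abusesCount
-? parseInt(abusesCount, 10)
+? forceNumber(abusesCount)
 : undefined,
 abusesAcceptedCount: abusesAcceptedCount
-? parseInt(abusesAcceptedCount, 10)
+? forceNumber(abusesAcceptedCount)
 : undefined,
 abusesCreatedCount: abusesCreatedCount !== undefined
-? parseInt(abusesCreatedCount + '', 10)
+? forceNumber(abusesCreatedCount)
 : undefined,
 videoCommentsCount: videoCommentsCount !== undefined
-? parseInt(videoCommentsCount + '', 10)
+? forceNumber(videoCommentsCount)
 : undefined,
 
 noInstanceConfigWarningModal: this.noInstanceConfigWarningModal,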
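Review bot: The guards on `abusesCount` and `abusesAcceptedCount` still test truthiness while every other counter in this object tests `!== undefined`, so a numeric `0` in either field is reported as `undefined` instead of `0`. If these values can arrive as numbers rather than strings (their source is not visible here), an explicit check such as `abusesCount != null ? forceNumber(abusesCount) : undefined` would make the two fields consistent with the rest. The definition of `forceNumber` is outside this page, so whether it can return `NaN` for `null` or a non-numeric string cannot be confirmed; if it can, `NaN + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)` would propagate into `videoQuotaUsed` and serialize as `null`. A `Number.isFinite` check on the coerced value before the addition would let the model stand on its own without relying on the middleware validation, which is the stated aim of the commit. The enclosing method starts and ends outside the hunk.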