authorChocobozzz <me@florianbigard.com>2022-11-15 14:41:55 +0100
committerChocobozzz <me@florianbigard.com>2022-11-15 14:41:55 +0100
commit4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch)
tree3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/models/user/user.ts
parent6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff)
Don't inject untrusted input
Even if it's already checked in middlewares, it's better to have safe models too
Diffstat (limited to 'server/models/user/user.ts')
-rw-r--r--server/models/user/user.ts15
1 files changed, 8 insertions, 7 deletions
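--- a/server/models/user/user.ts
+++ b/server/models/user/user.ts
@@ -70,6 +70,7 @@ import { VideoImportModel } from '../video/video-import'
 import { VideoLiveModel } from '../video/video-live'
 import { VideoPlaylistModel } from '../video/video-playlist'
 import { UserNotificationSettingModel } from './user-notification-setting'
+import { forceNumber } from '@shared/core-utils'
 
 enum ScopeNames {
  FOR_ME_API = 'FOR_ME_API',
@@ -900,27 +901,27 @@ export class UserModel extends Model<Partial<AttributesOnly<UserModel>>> {
  videoQuotaDaily: this.videoQuotaDaily,
 
  videoQuotaUsed: videoQuotaUsed !== undefined
- ? parseInt(videoQuotaUsed + '', 10) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
+ ? forceNumber(videoQuotaUsed) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
  : undefined,
 
  videoQuotaUsedDaily: videoQuotaUsedDaily !== undefined
- ? parseInt(videoQuotaUsedDaily + '', 10) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
+ ? forceNumber(videoQuotaUsedDaily) + LiveQuotaStore.Instance.getLiveQuotaOf(this.id)
  : undefined,
 
  videosCount: videosCount !== undefined
- ? parseInt(videosCount + '', 10)
+ ? forceNumber(videosCount)
  : undefined,
  abusesCount: abusesCount
- ? parseInt(abusesCount, 10)
+ ? forceNumber(abusesCount)
  : undefined,
  abusesAcceptedCount: abusesAcceptedCount
- ? parseInt(abusesAcceptedCount, 10)
+ ? forceNumber(abusesAcceptedCount)
  : undefined,
  abusesCreatedCount: abusesCreatedCount !== undefined
- ? parseInt(abusesCreatedCount + '', 10)
+ ? forceNumber(abusesCreatedCount)
  : undefined,
  videoCommentsCount: videoCommentsCount !== undefined
- ? parseInt(videoCommentsCount + '', 10)
+ ? forceNumber(videoCommentsCount)
  : undefined,
 
  noInstanceConfigWarningModal: this.noInstanceConfigWarningModal,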
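Review bot: In the second hunk, `abusesCount` and `abusesAcceptedCount` are still guarded by truthiness while every other counter tests `!== undefined`, so a numeric `0` for either is emitted as `undefined` instead of `0`. If that is not deliberate (for example to skip `null`), align them with `abusesCount !== undefined ? forceNumber(abusesCount) : undefined`. Separately, `forceNumber` is defined outside this page, so it cannot be confirmed here that it keeps the explicit radix 10 the old `parseInt(..., 10)` calls passed, or what it returns for a non-numeric value. If it can yield `NaN`, the `videoQuotaUsed` and `videoQuotaUsedDaily` sums become `NaN` too, so a `Number.isFinite` check in the helper or at these two sites would make the "safe models" intent explicit. The enclosing method starts and ends outside the hunk.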