diff options
author | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
commit | 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch) | |
tree | 3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/tools | |
parent | 6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff) | |
download | PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.gz PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.zst PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.zip |
Don't inject untrusted input
Even if it's already checked in middlewares
It's better to have safe modals too
Diffstat (limited to 'server/tools')
-rw-r--r-- | server/tools/peertube-redundancy.ts | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/server/tools/peertube-redundancy.ts b/server/tools/peertube-redundancy.ts index 4bb9fbc5a..5c82fa420 100644 --- a/server/tools/peertube-redundancy.ts +++ b/server/tools/peertube-redundancy.ts | |||
@@ -2,7 +2,7 @@ import CliTable3 from 'cli-table3' | |||
2 | import { Command, program } from 'commander' | 2 | import { Command, program } from 'commander' |
3 | import { URL } from 'url' | 3 | import { URL } from 'url' |
4 | import validator from 'validator' | 4 | import validator from 'validator' |
5 | import { uniqify } from '@shared/core-utils' | 5 | import { forceNumber, uniqify } from '@shared/core-utils' |
6 | import { HttpStatusCode, VideoRedundanciesTarget } from '@shared/models' | 6 | import { HttpStatusCode, VideoRedundanciesTarget } from '@shared/models' |
7 | import { assignToken, buildServer, getServerCredentials } from './cli' | 7 | import { assignToken, buildServer, getServerCredentials } from './cli' |
8 | 8 | ||
@@ -138,7 +138,7 @@ async function removeRedundancyCLI (options: { video: number }, command: Command | |||
138 | process.exit(-1) | 138 | process.exit(-1) |
139 | } | 139 | } |
140 | 140 | ||
141 | const videoId = parseInt(options.video + '', 10) | 141 | const videoId = forceNumber(options.video) |
142 | 142 | ||
143 | const myVideoRedundancies = await server.redundancy.listVideos({ target: 'my-videos' }) | 143 | const myVideoRedundancies = await server.redundancy.listVideos({ target: 'my-videos' }) |
144 | let videoRedundancy = myVideoRedundancies.data.find(r => videoId === r.id) | 144 | let videoRedundancy = myVideoRedundancies.data.find(r => videoId === r.id) |