Don't inject untrusted input

Even if it's already checked in middlewares It's better to have safe modals too
author: Chocobozzz <me@florianbigard.com> 2022-11-15 14:41:55 +0100
committer: Chocobozzz <me@florianbigard.com> 2022-11-15 14:41:55 +0100
commit: 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch)
tree: 3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/tools
parent: 6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff)
download: PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.gz
PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.zst
PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/server/tools/peertube-redundancy.ts b/server/tools/peertube-redundancy.ts
index 4bb9fbc5a..5c82fa420 100644
--- a/server/tools/peertube-redundancy.ts
+++ b/server/tools/peertube-redundancy.ts
@@ -2,7 +2,7 @@ import CliTable3 from 'cli-table3'
 import { Command, program } from 'commander'
 import { URL } from 'url'
 import validator from 'validator'
-import { uniqify } from '@shared/core-utils'
+import { forceNumber, uniqify } from '@shared/core-utils'
 import { HttpStatusCode, VideoRedundanciesTarget } from '@shared/models'
 import { assignToken, buildServer, getServerCredentials } from './cli'
@@ -138,7 +138,7 @@ async function removeRedundancyCLI (options: { video: number }, command: Command
    process.exit(-1)
  }
-  const videoId = parseInt(options.video + '', 10)
+  const videoId = forceNumber(options.video)
  const myVideoRedundancies = await server.redundancy.listVideos({ target: 'my-videos' })
  let videoRedundancy = myVideoRedundancies.data.find(r => videoId === r.id)
author	Chocobozzz <me@florianbigard.com>	2022-11-15 14:41:55 +0100
committer	Chocobozzz <me@florianbigard.com>	2022-11-15 14:41:55 +0100
commit	4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch)
tree	3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /server/tools
parent	6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff)
download	PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.gz PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.zst PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.zip

diff --git a/server/tools/peertube-redundancy.ts b/server/tools/peertube-redundancy.ts index 4bb9fbc5a..5c82fa420 100644 --- a/server/tools/peertube-redundancy.ts +++ b/server/tools/peertube-redundancy.ts
@@ -2,7 +2,7 @@ import CliTable3 from 'cli-table3'
2	import { Command, program } from 'commander'	2	import { Command, program } from 'commander'
3	import { URL } from 'url'	3	import { URL } from 'url'
4	import validator from 'validator'	4	import validator from 'validator'
5	import { uniqify } from '@shared/core-utils'	5	import { forceNumber, uniqify } from '@shared/core-utils'
6	import { HttpStatusCode, VideoRedundanciesTarget } from '@shared/models'	6	import { HttpStatusCode, VideoRedundanciesTarget } from '@shared/models'
7	import { assignToken, buildServer, getServerCredentials } from './cli'	7	import { assignToken, buildServer, getServerCredentials } from './cli'
8		8
@@ -138,7 +138,7 @@ async function removeRedundancyCLI (options: { video: number }, command: Command
138	process.exit(-1)	138	process.exit(-1)
139	}	139	}
140		140
141	const videoId = parseInt(options.video + '', 10)	141	const videoId = forceNumber(options.video)
142		142
143	const myVideoRedundancies = await server.redundancy.listVideos({ target: 'my-videos' })	143	const myVideoRedundancies = await server.redundancy.listVideos({ target: 'my-videos' })
144	let videoRedundancy = myVideoRedundancies.data.find(r => videoId === r.id)	144	let videoRedundancy = myVideoRedundancies.data.find(r => videoId === r.id)