diff options
author | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
commit | 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch) | |
tree | 3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /shared/extra-utils | |
parent | 6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff) | |
download | PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.gz PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.zst PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.zip |
Don't inject untrusted input
Even if it's already checked in middlewares
It's better to have safe modals too
Diffstat (limited to 'shared/extra-utils')
-rw-r--r-- | shared/extra-utils/ffprobe.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/shared/extra-utils/ffprobe.ts b/shared/extra-utils/ffprobe.ts index b8e9f4c18..7efc58a0d 100644 --- a/shared/extra-utils/ffprobe.ts +++ b/shared/extra-utils/ffprobe.ts | |||
@@ -1,4 +1,5 @@ | |||
1 | import { ffprobe, FfprobeData } from 'fluent-ffmpeg' | 1 | import { ffprobe, FfprobeData } from 'fluent-ffmpeg' |
2 | import { forceNumber } from '@shared/core-utils' | ||
2 | import { VideoFileMetadata, VideoResolution } from '@shared/models/videos' | 3 | import { VideoFileMetadata, VideoResolution } from '@shared/models/videos' |
3 | 4 | ||
4 | /** | 5 | /** |
@@ -55,7 +56,7 @@ async function getAudioStream (videoPath: string, existingProbe?: FfprobeData) { | |||
55 | return { | 56 | return { |
56 | absolutePath: data.format.filename, | 57 | absolutePath: data.format.filename, |
57 | audioStream, | 58 | audioStream, |
58 | bitrate: parseInt(audioStream['bit_rate'] + '', 10) | 59 | bitrate: forceNumber(audioStream['bit_rate']) |
59 | } | 60 | } |
60 | } | 61 | } |
61 | } | 62 | } |