diff options
| author | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2022-11-15 14:41:55 +0100 |
| commit | 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c (patch) | |
| tree | 3e341c6ebbd1ce9e2bbacd72e7e3793e0bd467c2 /shared/server-commands | |
| parent | 6bcb559fc9a491fc3ce83e7c077ee9dc742b1d63 (diff) | |
| download | PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.gz PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.tar.zst PeerTube-4638cd713dcdd007cd7f49b9a95fa62ac7823e7c.zip | |
Don't inject untrusted input
Even if it's already checked in middlewares
It's better to have safe modals too
Diffstat (limited to 'shared/server-commands')
| -rw-r--r-- | shared/server-commands/miscs/sql-command.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/shared/server-commands/miscs/sql-command.ts b/shared/server-commands/miscs/sql-command.ts index b0d9ce56d..f163cc8c9 100644 --- a/shared/server-commands/miscs/sql-command.ts +++ b/shared/server-commands/miscs/sql-command.ts | |||
| @@ -1,4 +1,5 @@ | |||
| 1 | import { QueryTypes, Sequelize } from 'sequelize' | 1 | import { QueryTypes, Sequelize } from 'sequelize' |
| 2 | import { forceNumber } from '@shared/core-utils' | ||
| 2 | import { AbstractCommand } from '../shared' | 3 | import { AbstractCommand } from '../shared' |
| 3 | 4 | ||
| 4 | export class SQLCommand extends AbstractCommand { | 5 | export class SQLCommand extends AbstractCommand { |
| @@ -63,7 +64,7 @@ export class SQLCommand extends AbstractCommand { | |||
| 63 | 64 | ||
| 64 | if (!total) return 0 | 65 | if (!total) return 0 |
| 65 | 66 | ||
| 66 | return parseInt(total + '', 10) | 67 | return forceNumber(total) |
| 67 | } | 68 | } |
| 68 | 69 | ||
| 69 | getActorImage (filename: string) { | 70 | getActorImage (filename: string) { |