From 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 15 Nov 2022 14:41:55 +0100 Subject: Don't inject untrusted input Even if it's already checked in middlewares It's better to have safe modals too --- server/tools/peertube-redundancy.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'server/tools') diff --git a/server/tools/peertube-redundancy.ts b/server/tools/peertube-redundancy.ts index 4bb9fbc5a..5c82fa420 100644 --- a/server/tools/peertube-redundancy.ts +++ b/server/tools/peertube-redundancy.ts @@ -2,7 +2,7 @@ import CliTable3 from 'cli-table3' import { Command, program } from 'commander' import { URL } from 'url' import validator from 'validator' -import { uniqify } from '@shared/core-utils' +import { forceNumber, uniqify } from '@shared/core-utils' import { HttpStatusCode, VideoRedundanciesTarget } from '@shared/models' import { assignToken, buildServer, getServerCredentials } from './cli' @@ -138,7 +138,7 @@ async function removeRedundancyCLI (options: { video: number }, command: Command process.exit(-1) } - const videoId = parseInt(options.video + '', 10) + const videoId = forceNumber(options.video) const myVideoRedundancies = await server.redundancy.listVideos({ target: 'my-videos' }) let videoRedundancy = myVideoRedundancies.data.find(r => videoId === r.id) -- cgit v1.2.3