From 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Tue, 15 Nov 2022 14:41:55 +0100
Subject: Don't inject untrusted input

Even if it's already checked in middlewares
It's better to have safe modals too
---
 shared/extra-utils/ffprobe.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'shared/extra-utils')

diff --git a/shared/extra-utils/ffprobe.ts b/shared/extra-utils/ffprobe.ts
index b8e9f4c18..7efc58a0d 100644
--- a/shared/extra-utils/ffprobe.ts
+++ b/shared/extra-utils/ffprobe.ts
@@ -1,4 +1,5 @@
 import { ffprobe, FfprobeData } from 'fluent-ffmpeg'
+import { forceNumber } from '@shared/core-utils'
 import { VideoFileMetadata, VideoResolution } from '@shared/models/videos'
 
 /**
@@ -55,7 +56,7 @@ async function getAudioStream (videoPath: string, existingProbe?: FfprobeData) {
       return {
         absolutePath: data.format.filename,
         audioStream,
-        bitrate: parseInt(audioStream['bit_rate'] + '', 10)
+        bitrate: forceNumber(audioStream['bit_rate'])
       }
     }
   }
-- 
cgit v1.2.3