From 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 15 Nov 2022 14:41:55 +0100
Subject: Don't inject untrusted input Even if it's already checked in middlewares It's better to have safe modals too
---
 shared/server-commands/miscs/sql-command.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'shared/server-commands/miscs')
diff --git a/shared/server-commands/miscs/sql-command.ts b/shared/server-commands/miscs/sql-command.ts
index b0d9ce56d..f163cc8c9 100644
--- a/shared/server-commands/miscs/sql-command.ts
+++ b/shared/server-commands/miscs/sql-command.ts
@@ -1,4 +1,5 @@
 import { QueryTypes, Sequelize } from 'sequelize'
+import { forceNumber } from '@shared/core-utils'
 import { AbstractCommand } from '../shared'
 export class SQLCommand extends AbstractCommand {
@@ -63,7 +64,7 @@ export class SQLCommand extends AbstractCommand {
 if (!total) return 0
- return parseInt(total + '', 10)
+ return forceNumber(total)
 }
 getActorImage (filename: string) {
-- 
cgit v1.2.3
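Review bot: The result of `return forceNumber(total)` in the second hunk is returned without a check after coercion, and the helper's contract is not visible in this diff; if it wraps `parseInt`, a non-numeric `total` would come back as `NaN`, because the `if (!total) return 0` guard above only catches falsy values. Consider `const n = forceNumber(total)` followed by `if (!Number.isFinite(n)) throw new Error('unexpected total')` before `return n`, or at least a one-line comment stating what `forceNumber` guarantees for non-numeric input. The enclosing method starts outside the hunk, and so does the body of `getActorImage (filename: string)`, so whether `filename` reaches the query through Sequelize `replacements` or `bind` rather than string interpolation cannot be confirmed from here and is worth checking given the commit's stated goal.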