From 4638cd713dcdd007cd7f49b9a95fa62ac7823e7c Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Tue, 15 Nov 2022 14:41:55 +0100
Subject: Don't inject untrusted input

Even if it's already checked in middlewares
It's better to have safe modals too
---
 shared/server-commands/miscs/sql-command.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'shared/server-commands')

diff --git a/shared/server-commands/miscs/sql-command.ts b/shared/server-commands/miscs/sql-command.ts
index b0d9ce56d..f163cc8c9 100644
--- a/shared/server-commands/miscs/sql-command.ts
+++ b/shared/server-commands/miscs/sql-command.ts
@@ -1,4 +1,5 @@
 import { QueryTypes, Sequelize } from 'sequelize'
+import { forceNumber } from '@shared/core-utils'
 import { AbstractCommand } from '../shared'
 
 export class SQLCommand extends AbstractCommand {
@@ -63,7 +64,7 @@ export class SQLCommand extends AbstractCommand {
 
     if (!total) return 0
 
-    return parseInt(total + '', 10)
+    return forceNumber(total)
   }
 
   getActorImage (filename: string) {
-- 
cgit v1.2.3