mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-06 03:50:26 +02:00

Don't inject untrusted input

Even if it's already checked in middlewares
It's better to have safe modals too
Chocobozzz 2022-11-15 14:41:55 +01:00
parent 6bcb559fc9
commit 4638cd713d
No known key found for this signature in database
GPG key ID: 583A612D890159BE
35 changed files with 101 additions and 63 deletions


@ -3,6 +3,7 @@ import validator from 'validator'
import { pageToStartAndCount } from '@server/helpers/core-utils'
import { ACTIVITY_PUB } from '@server/initializers/constants'
import { ResultList } from '@shared/models'
import { forceNumber } from '@shared/core-utils'
type ActivityPubCollectionPaginationHandler = (start: number, count: number) => Bluebird<ResultList<any>> | Promise<ResultList<any>>
@ -33,7 +34,7 @@ async function activityPubCollectionPagination (
let prev: string | undefined
// Assert page is a number
page = parseInt(page, 10)
page = forceNumber(page)
// There are more results
if (result.total > page * size) {
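Review bot: The new `page = forceNumber(page)` sits under the comment `// Assert page is a number`, but a coercion is not an assertion. If `forceNumber` (imported from `@shared/core-utils`, definition not shown here) returns `NaN` for non-numeric input, as the `parseInt` call it replaces did, the value still has type number and flows into `result.total > page * size` unchecked. Since the commit's stated aim is not to depend on the middleware check, I would add a bound right after the coercion, for example `if (!Number.isSafeInteger(page) || page < 1) page = 1`, or throw if the caller should see the error. The body of `activityPubCollectionPagination` continues outside this hunk, so the later uses of `page` should be confirmed there.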