mirror of https://github.com/Chocobozzz/PeerTube
Add additional check for playlistName
parent
4765348107
commit
d7ce9dca61
|
@ -15,6 +15,10 @@ function isSafePath (p: string) {
|
|||
})
|
||||
}
|
||||
|
||||
function isSafePeerTubeFilenameWithoutExtension (filename: string) {
|
||||
return filename.match(/^[a-z0-9-]+$/)
|
||||
}
|
||||
|
||||
function isArray (value: any): value is any[] {
|
||||
return Array.isArray(value)
|
||||
}
|
||||
|
@ -172,5 +176,6 @@ export {
|
|||
areUUIDsValid,
|
||||
toIntArray,
|
||||
isFileValid,
|
||||
isSafePeerTubeFilenameWithoutExtension,
|
||||
checkMimetypeRegex
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ import express from 'express'
|
|||
import { query } from 'express-validator'
|
||||
import LRUCache from 'lru-cache'
|
||||
import { basename, dirname } from 'path'
|
||||
import { exists, isUUIDValid, toBooleanOrNull } from '@server/helpers/custom-validators/misc'
|
||||
import { exists, isSafePeerTubeFilenameWithoutExtension, isUUIDValid, toBooleanOrNull } from '@server/helpers/custom-validators/misc'
|
||||
import { logger } from '@server/helpers/logger'
|
||||
import { LRU_CACHE } from '@server/initializers/constants'
|
||||
import { VideoModel } from '@server/models/video/video'
|
||||
|
@ -69,6 +69,10 @@ const ensureCanAccessPrivateVideoHLSFiles = [
|
|||
.customSanitizer(toBooleanOrNull)
|
||||
.isBoolean().withMessage('Should be a valid reinjectVideoFileToken boolean'),
|
||||
|
||||
query('playlistName')
|
||||
.optional()
|
||||
.customSanitizer(isSafePeerTubeFilenameWithoutExtension),
|
||||
|
||||
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
|
||||
if (areValidationErrors(req, res)) return
|
||||
|
||||
|
|
Loading…
Reference in New Issue