diff --git a/src/api/endpoints/drive/files.js b/src/api/endpoints/drive/files.js
index 5399461a37..7df8b81eac 100644
--- a/src/api/endpoints/drive/files.js
+++ b/src/api/endpoints/drive/files.js
@@ -41,7 +41,7 @@ module.exports = (params, user, app) =>
 // Get 'folder_id' parameter
 let folder = params.folder_id;
- if (folder === undefined || folder === null || folder === 'null') {
+ if (folder === undefined || folder === null) {
 folder = null;
 } else {
 folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/files/create.js b/src/api/endpoints/drive/files/create.js
index 9f34a551d1..a04cd5dde4 100644
--- a/src/api/endpoints/drive/files/create.js
+++ b/src/api/endpoints/drive/files/create.js
@@ -46,7 +46,7 @@ module.exports = (file, params, user) =>
 // Get 'folder_id' parameter
 let folder = params.folder_id;
- if (folder === undefined || folder === null || folder === 'null') {
+ if (folder === undefined || folder === null) {
 folder = null;
 } else {
 folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/files/find.js b/src/api/endpoints/drive/files/find.js
index a0a0e0b417..26c45c564b 100644
--- a/src/api/endpoints/drive/files/find.js
+++ b/src/api/endpoints/drive/files/find.js
@@ -25,7 +25,7 @@ module.exports = (params, user) =>
 // Get 'folder_id' parameter
 let folder = params.folder_id;
- if (folder === undefined || folder === null || folder === 'null') {
+ if (folder === undefined || folder === null) {
 folder = null;
 } else {
 folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/files/update.js b/src/api/endpoints/drive/files/update.js
index 74ff012ecb..5af2b8e6da 100644
--- a/src/api/endpoints/drive/files/update.js
+++ b/src/api/endpoints/drive/files/update.js
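Review bot: In drive/files.js the `else` branch still passes the client-supplied `folder_id` straight to `new mongo.ObjectID(folder)`, and with the `'null'` special case removed, a client that still sends the string `'null'` (or any other malformed id) now reaches that constructor, which throws on input that is not a valid id. This commit adds an `isValid` guard in drive/files/update.js, and the same guard belongs before the conversion here, e.g. `if (!mongo.ObjectID.isValid(folder)) return rej('incorrect folder_id');`, assuming `rej` is in scope as it is in update.js. If the handler body is an async promise executor, which these hunks do not show, the throw would surface as an unhandled rejection rather than an API error. The same applies to the identical hunks in drive/files/create.js, drive/files/find.js, drive/folders.js and drive/folders/find.js (`parent_id`); each function continues outside its hunk.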
@@ -58,16 +58,18 @@ module.exports = (params, user) =>
 // Get 'folder_id' parameter
 let folderId = params.folder_id;
- if (folderId !== undefined && folderId !== 'null') {
- folderId = new mongo.ObjectID(folderId);
- }
-
- let folder = null;
- if (folderId !== undefined && folderId !== null) {
- if (folderId === 'null') {
+ if (folderId !== undefined) {
+ if (folderId === null) {
 file.folder_id = null;
 } else {
- folder = await DriveFolder
+ // Validate id
+ if (!mongo.ObjectID.isValid(folderId)) {
+ return rej('incorrect folder_id');
+ }
+
+ folderId = new mongo.ObjectID(folderId);
+
+ const folder = await DriveFolder
 .findOne({
 _id: folderId,
 user_id: user._id
diff --git a/src/api/endpoints/drive/folders.js b/src/api/endpoints/drive/folders.js
index f233de25a1..672ae21789 100644
--- a/src/api/endpoints/drive/folders.js
+++ b/src/api/endpoints/drive/folders.js
@@ -41,7 +41,7 @@ module.exports = (params, user, app) =>
 // Get 'folder_id' parameter
 let folder = params.folder_id;
- if (folder === undefined || folder === null || folder === 'null') {
+ if (folder === undefined || folder === null) {
 folder = null;
 } else {
 folder = new mongo.ObjectID(folder);
diff --git a/src/api/endpoints/drive/folders/find.js b/src/api/endpoints/drive/folders/find.js
index 9a2faf6d82..be05427f57 100644
--- a/src/api/endpoints/drive/folders/find.js
+++ b/src/api/endpoints/drive/folders/find.js
@@ -25,7 +25,7 @@ module.exports = (params, user) =>
 // Get 'parent_id' parameter
 let parentId = params.parent_id;
- if (parentId === undefined || parentId === null || parentId === 'null') {
+ if (parentId === undefined || parentId === null) {
 parentId = null;
 } else {
 parentId = new mongo.ObjectID(parentId);
diff --git a/src/api/endpoints/drive/folders/update.js b/src/api/endpoints/drive/folders/update.js
index d04173158d..475cd205df 100644
--- a/src/api/endpoints/drive/folders/update.js
+++ b/src/api/endpoints/drive/folders/update.js
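Review bot: `mongo.ObjectID.isValid(folderId)` in drive/files/update.js accepts more than 24-character hex strings: numbers and arbitrary 12-character strings also pass, and `new mongo.ObjectID(folderId)` then builds an id from them instead of rejecting the request. Since `folder_id` is read from `params` (presumably the request body), a type check in front keeps non-string JSON values out, e.g. `if (typeof folderId !== 'string' || !mongo.ObjectID.isValid(folderId)) {`. The lookup that follows is scoped by `user_id: user._id`, so this is input hygiene rather than an access-control gap. The `folder_id` and `parent_id` checks added in drive/folders/update.js follow the same pattern; the `findOne` call continues past the end of this hunk.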
@@ -25,6 +25,11 @@ module.exports = (params, user) =>
 return rej('folder_id is required');
 }
+ // Validate id
+ if (!mongo.ObjectID.isValid(folderId)) {
+ return rej('incorrect folder_id');
+ }
+
 // Fetch folder
 const folder = await DriveFolder
 .findOne({
@@ -49,17 +54,19 @@ module.exports = (params, user) =>
 // Get 'parent_id' parameter
 let parentId = params.parent_id;
- if (parentId !== undefined && parentId !== 'null') {
- parentId = new mongo.ObjectID(parentId);
- }
-
- let parent = null;
- if (parentId !== undefined && parentId !== null) {
- if (parentId === 'null') {
+ if (parentId !== undefined) {
+ if (parentId === null) {
 folder.parent_id = null;
 } else {
+ // Validate id
+ if (!mongo.ObjectID.isValid(parentId)) {
+ return rej('incorrect parent_id');
+ }
+
+ parentId = new mongo.ObjectID(parentId);
+
 // Get parent folder
- parent = await DriveFolder
+ const parent = await DriveFolder
 .findOne({
 _id: parentId,
 user_id: user._id
diff --git a/src/web/app/desktop/tags/drive/browser.tag b/src/web/app/desktop/tags/drive/browser.tag
index 4c42987d03..640bf24b7e 100644
--- a/src/web/app/desktop/tags/drive/browser.tag
+++ b/src/web/app/desktop/tags/drive/browser.tag
@@ -407,7 +407,7 @@
 @remove-file file
 @api \drive/files/update do
 file_id: file
- folder_id: if @folder? then @folder.id else \null
+ folder_id: if @folder? then @folder.id else null
 .then ~>
 # something
 .catch (err, text-status) ~>
@@ -424,7 +424,7 @@
 @remove-folder folder
 @api \drive/folders/update do
 folder_id: folder
- parent_id: if @folder? then @folder.id else \null
+ parent_id: if @folder? then @folder.id else null
 .then ~>
 # something
 .catch (err) ~>
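Review bot: Sending `null` instead of the string `\null` for `folder_id:` in browser.tag only works if `@api` serializes its parameters in a form that preserves null (a JSON body), and that is not visible in this hunk. If the call is form- or query-encoded, the value would arrive as the string `'null'` and be rejected with `incorrect folder_id`, or be dropped so that the server skips the move entirely, because the updated endpoints no longer treat `'null'` as the drive root. A short comment on that line would record the dependency, e.g. `# null = drive root; relies on the API client sending JSON so null is not stringified`. The same applies to the `parent_id:` line in the second hunk of this file.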