iv-org-mirror/invidious-copy-2023-06-08
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/invidious-copy-2023-06-08.git synced 2024-08-15 00:53:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize PLID

Browse source
This commit is contained in:
Omar Roth 2020-02-28 14:10:01 -05:00
parent 1caf6a3298
commit 697c00dccf
No known key found for this signature in database
GPG key ID: B8254FB7EC3D37F2
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/invidious.cr
View file

@ -428,7 +428,7 @@ get "/watch" do |env|
next env.redirect "/" next env.redirect "/"
end end
plid = env.params.query["list"]? plid = env.params.query["list"]?.try &.gsub(/[^a-zA-Z0-9_-]/, "")
continuation = process_continuation(PG_DB, env.params.query, plid, id) continuation = process_continuation(PG_DB, env.params.query, plid, id)
nojs = env.params.query["nojs"]? nojs = env.params.query["nojs"]?
@ -613,7 +613,7 @@ end
get "/embed/" do |env| get "/embed/" do |env|
locale = LOCALES[env.get("preferences").as(Preferences).locale]? locale = LOCALES[env.get("preferences").as(Preferences).locale]?
if plid = env.params.query["list"]? if plid = env.params.query["list"]?.try &.gsub(/[^a-zA-Z0-9_-]/, "")
begin begin
playlist = get_playlist(PG_DB, plid, locale: locale) playlist = get_playlist(PG_DB, plid, locale: locale)
offset = env.params.query["index"]?.try &.to_i? || 0 offset = env.params.query["index"]?.try &.to_i? || 0
@ -640,7 +640,7 @@ get "/embed/:id" do |env|
locale = LOCALES[env.get("preferences").as(Preferences).locale]? locale = LOCALES[env.get("preferences").as(Preferences).locale]?
id = env.params.url["id"] id = env.params.url["id"]
plid = env.params.query["list"]? plid = env.params.query["list"]?.try &.gsub(/[^a-zA-Z0-9_-]/, "")
continuation = process_continuation(PG_DB, env.params.query, plid, id) continuation = process_continuation(PG_DB, env.params.query, plid, id)
if md = env.params.query["playlist"]? if md = env.params.query["playlist"]?
@ -1264,9 +1264,9 @@ get "/playlist" do |env|
locale = LOCALES[env.get("preferences").as(Preferences).locale]? locale = LOCALES[env.get("preferences").as(Preferences).locale]?
user = env.get?("user").try &.as(User) user = env.get?("user").try &.as(User)
plid = env.params.query["list"]?
referer = get_referer(env) referer = get_referer(env)
plid = env.params.query["list"]?.try &.gsub(/[^a-zA-Z0-9_-]/, "")
if !plid if !plid
next env.redirect "/" next env.redirect "/"
end end