Fix input validation

author: Brahim Hadriche <brahim.hadriche@gmail.com> 2023-03-07 13:50:02 -0500
committer: Brahim Hadriche <brahim.hadriche@gmail.com> 2023-03-07 13:50:02 -0500
commit: 0b17f68ebacdb54e74116cf3364c8229e896eff0 (patch)
tree: a7628790eead235362ffbc38bff46a07fb970a71
parent: a5cc66e060578f801371fe3f4b53bcb3d61b3ef9 (diff)
download: invidious-0b17f68ebacdb54e74116cf3364c8229e896eff0.tar.gz
invidious-0b17f68ebacdb54e74116cf3364c8229e896eff0.tar.bz2
invidious-0b17f68ebacdb54e74116cf3364c8229e896eff0.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/invidious/routes/api/v1/authenticated.cr b/src/invidious/routes/api/v1/authenticated.cr
index a024736c..ce2ee812 100644
--- a/src/invidious/routes/api/v1/authenticated.cr
+++ b/src/invidious/routes/api/v1/authenticated.cr
@@ -82,7 +82,7 @@ module Invidious::Routes::API::V1::Authenticated
     end
 
     id = env.params.url["id"]
-    if !id.match(/[a-zA-Z0-9_-]{11}/)
+    if !id.match(/^[a-zA-Z0-9_-]{11}$/)
       return error_json(400, "Invalid video id.")
     end
 
@@ -98,7 +98,7 @@ module Invidious::Routes::API::V1::Authenticated
     end
 
     id = env.params.url["id"]
-    if !id.match(/[a-zA-Z0-9_-]{11}/)
+    if !id.match(/^[a-zA-Z0-9_-]{11}$/)
       return error_json(400, "Invalid video id.")
     end
author	Brahim Hadriche <brahim.hadriche@gmail.com>	2023-03-07 13:50:02 -0500
committer	Brahim Hadriche <brahim.hadriche@gmail.com>	2023-03-07 13:50:02 -0500
commit	0b17f68ebacdb54e74116cf3364c8229e896eff0 (patch)
tree	a7628790eead235362ffbc38bff46a07fb970a71
parent	a5cc66e060578f801371fe3f4b53bcb3d61b3ef9 (diff)
download	invidious-0b17f68ebacdb54e74116cf3364c8229e896eff0.tar.gz invidious-0b17f68ebacdb54e74116cf3364c8229e896eff0.tar.bz2 invidious-0b17f68ebacdb54e74116cf3364c8229e896eff0.zip