validate video id

author: Brahim Hadriche <brahim.hadriche@gmail.com> 2023-03-02 14:45:26 -0500
committer: Brahim Hadriche <brahim.hadriche@gmail.com> 2023-03-02 14:45:26 -0500
commit: 8c0efb3ea9e409796ae860128b16d8aac860c5c6 (patch)
tree: e0e74a43f42b963939e0de24e87c4d77b31de72b
parent: 27bf4d02a185e6750cdecdc4f1c169b0723dbbf5 (diff)
download: invidious-8c0efb3ea9e409796ae860128b16d8aac860c5c6.tar.gz
invidious-8c0efb3ea9e409796ae860128b16d8aac860c5c6.tar.bz2
invidious-8c0efb3ea9e409796ae860128b16d8aac860c5c6.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious/routes/api/v1/authenticated.cr b/src/invidious/routes/api/v1/authenticated.cr
index a20d23d0..75dad6df 100644
--- a/src/invidious/routes/api/v1/authenticated.cr
+++ b/src/invidious/routes/api/v1/authenticated.cr
@@ -94,7 +94,7 @@ module Invidious::Routes::API::V1::Authenticated
     user = env.get("user").as(User)
 
     id = env.params.url["id"]?.try &.as(String)
-    if !id
+    if !id.match(/[a-zA-Z0-9_-]{11}/)
       return error_json(400, "Invalid video id.")
     end
author	Brahim Hadriche <brahim.hadriche@gmail.com>	2023-03-02 14:45:26 -0500
committer	Brahim Hadriche <brahim.hadriche@gmail.com>	2023-03-02 14:45:26 -0500
commit	8c0efb3ea9e409796ae860128b16d8aac860c5c6 (patch)
tree	e0e74a43f42b963939e0de24e87c4d77b31de72b
parent	27bf4d02a185e6750cdecdc4f1c169b0723dbbf5 (diff)
download	invidious-8c0efb3ea9e409796ae860128b16d8aac860c5c6.tar.gz invidious-8c0efb3ea9e409796ae860128b16d8aac860c5c6.tar.bz2 invidious-8c0efb3ea9e409796ae860128b16d8aac860c5c6.zip