diff options
| author | ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com> | 2024-01-29 17:38:21 -0500 |
|---|---|---|
| committer | ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com> | 2024-11-17 13:14:39 -0500 |
| commit | 1838ac4c99e45d3e880f65805f00ecfe335f7a0c (patch) | |
| tree | de00affc3e9f02790e839746de7f675a52726cad /src | |
| parent | 8729f0107520fc9379040cee66fa3a140f9293a1 (diff) | |
| download | invidious-1838ac4c99e45d3e880f65805f00ecfe335f7a0c.tar.gz invidious-1838ac4c99e45d3e880f65805f00ecfe335f7a0c.tar.bz2 invidious-1838ac4c99e45d3e880f65805f00ecfe335f7a0c.zip | |
do a sanity check on the provided ucid
Co-Authored-By: absidue <48293849+absidue@users.noreply.github.com>
Co-Authored-By: Samantaz Fox <coding@samantaz.fr>
Diffstat (limited to 'src')
| -rw-r--r-- | src/invidious/routes/feeds.cr | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/invidious/routes/feeds.cr b/src/invidious/routes/feeds.cr index dd8175dc..1b2cfba0 100644 --- a/src/invidious/routes/feeds.cr +++ b/src/invidious/routes/feeds.cr @@ -146,7 +146,11 @@ module Invidious::Routes::Feeds env.response.headers["Content-Type"] = "application/atom+xml" env.response.content_type = "application/atom+xml" - ucid = env.params.url["ucid"] + if env.params.url["ucid"].matches?(/^[\w-]+$/) + ucid = env.params.url["ucid"] + else + return error_atom(400, InfoException.new("Invalid channel ucid provided.")) + end params = HTTP::Params.parse(env.params.query["params"]? || "") |