From 24dd4e72d23d76c6d2be5fda307a1d5851c364d5 Mon Sep 17 00:00:00 2001
From: ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com>
Date: Mon, 29 Jan 2024 17:38:21 -0500
Subject: [PATCH] do a sanity check on the provided ucid

Co-Authored-By: absidue <48293849+absidue@users.noreply.github.com>
Co-Authored-By: Samantaz Fox
---
 src/invidious/routes/feeds.cr | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/invidious/routes/feeds.cr b/src/invidious/routes/feeds.cr
index fa876a77..5e1d4d67 100644
--- a/src/invidious/routes/feeds.cr
+++ b/src/invidious/routes/feeds.cr
@@ -146,7 +146,11 @@ module Invidious::Routes::Feeds
 env.response.headers["Content-Type"] = "application/atom+xml"
 env.response.content_type = "application/atom+xml"
- ucid = env.params.url["ucid"]
+ if env.params.url["ucid"].matches?(/^[\w-]+$/)
+ ucid = env.params.url["ucid"]
+ else
+ return error_atom(400, InfoException.new("Invalid channel ucid provided."))
+ end
 params = HTTP::Params.parse(env.params.query["params"]? || "")
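Review bot: The pattern `/^[\w-]+$/` on the added `if` line is anchored with `^` and `$`, and in the PCRE engine behind Crystal's Regex a plain `$` also matches just before a trailing newline, so a value that ends in a decoded line feed would presumably still pass this check. Anchoring on the whole string closes that gap: `if env.params.url["ucid"].matches?(/\A[\w-]+\z/)`. `\w` may also accept non-ASCII word characters if patterns are compiled with Unicode properties, so an explicit `[A-Za-z0-9_-]` class would state the intent more tightly, and a length bound would help if only canonical channel ids are expected on this route. The enclosing method starts and ends outside the hunk, so how `ucid` is used after the check is not visible here.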