Skip to content

Commit

Permalink
Disallow negative size values
Browse files Browse the repository at this point in the history
  • Loading branch information
@KernelDeimos
KernelDeimos committed May 21, 2024
1 parent 90463a0 commit 1f6a209
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
4 changes: 4 additions & 0 deletions packages/backend/src/api/APIError.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,10 @@ module.exports = class APIError {
status: 400,
message: 'Missing fileinfo entry or BLOB for operation.',
},
'invalid_file_metadata': {
status: 400,
message: 'Invalid file metadata.',
},

// Open
'no_suitable_app': {
Expand Down
6 changes: 5 additions & 1 deletion packages/backend/src/routers/filesystem_api/batch/all.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,11 @@ module.exports = eggspress('/batch', {
}

if ( fieldname === 'fileinfo' ) {
fileinfos.push(JSON.parse(value));
const fileinfo = JSON.parse(value);
if ( fileinfo.size < 0 ) {
throw APIError.create('invalid_file_metadata');
}
fileinfos.push(fileinfo);
return;
}

Expand Down

0 comments on commit 1f6a209

Please sign in to comment.