Do some additional validation on IDs to prevent database errors

calzoneman 2013-09-03 22:23:05 -05:00
parent 234456f2f4
commit 5312911c15
2 changed files with 87 additions and 0 deletions


@ -607,6 +607,14 @@ Database.prototype.getLibraryItem = function (channame, id, callback) {
return; return;
} }
var m = id.match(/([\w-\/\.:]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var query = "SELECT id, title, seconds, type FROM " + var query = "SELECT id, title, seconds, type FROM " +
"`chan_" + channame + "_library` WHERE id=?"; "`chan_" + channame + "_library` WHERE id=?";
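Review bot: The pattern added to getLibraryItem is unanchored, so `id.match(/([\w-\/\.:]+)/)` accepts any input containing at least one allowed character and carries on with the first matching run; an ID with a stray space or quote is looked up as a different, shorter ID instead of being rejected. `id.match` also throws a TypeError when `id` is not a string, and no type check is visible in this hunk (the function starts above it). Consider `var m = typeof id === "string" && id.match(/^([\w\-\/\.:]+)$/);` so malformed values reach the `Invalid ID` branch. The `?` placeholder already keeps `id` out of the SQL text, whereas `channame` is still concatenated into the table name; whether it is validated earlier in the function is not visible here and is worth confirming.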


@ -51,6 +51,14 @@ module.exports = function (Server) {
return; return;
} }
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var options = { var options = {
host: "gdata.youtube.com", host: "gdata.youtube.com",
port: 443, port: 443,
@ -113,6 +121,13 @@ module.exports = function (Server) {
/* youtube.com API v3 (requires API key) */ /* youtube.com API v3 (requires API key) */
ytv3: function (id, callback) { ytv3: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var params = [ var params = [
"part=" + encodeURIComponent("id,snippet,contentDetails"), "part=" + encodeURIComponent("id,snippet,contentDetails"),
"id=" + id, "id=" + id,
@ -160,6 +175,13 @@ module.exports = function (Server) {
/* youtube.com playlists */ /* youtube.com playlists */
yp: function (id, callback, url) { yp: function (id, callback, url) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var path = "/feeds/api/playlists/" + id + "?v=2&alt=json"; var path = "/feeds/api/playlists/" + id + "?v=2&alt=json";
// YouTube only returns 25 at a time, so I have to keep asking // YouTube only returns 25 at a time, so I have to keep asking
// for more with the URL they give me // for more with the URL they give me
@ -276,6 +298,13 @@ module.exports = function (Server) {
/* vimeo.com */ /* vimeo.com */
vi: function (id, callback) { vi: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var options = { var options = {
host: "vimeo.com", host: "vimeo.com",
port: 443, port: 443,
@ -325,6 +354,13 @@ module.exports = function (Server) {
// - URL is simple // - URL is simple
// - Field names are sensible // - Field names are sensible
// Other media providers take notes, please // Other media providers take notes, please
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var options = { var options = {
host: "api.dailymotion.com", host: "api.dailymotion.com",
port: 443, port: 443,
@ -366,6 +402,14 @@ module.exports = function (Server) {
const SC_CLIENT = "2e0c82ab5a020f3a7509318146128abd"; const SC_CLIENT = "2e0c82ab5a020f3a7509318146128abd";
var m = id.match(/([\w-\/\.:]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var options = { var options = {
host: "api.soundcloud.com", host: "api.soundcloud.com",
port: 443, port: 443,
@ -429,6 +473,13 @@ module.exports = function (Server) {
/* livestream.com */ /* livestream.com */
li: function (id, callback) { li: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var title = "Livestream.com - " + id; var title = "Livestream.com - " + id;
var media = new Media(id, title, "--:--", "li"); var media = new Media(id, title, "--:--", "li");
callback(false, media); callback(false, media);
@ -436,6 +487,13 @@ module.exports = function (Server) {
/* twitch.tv */ /* twitch.tv */
tw: function (id, callback) { tw: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var title = "Twitch.tv - " + id; var title = "Twitch.tv - " + id;
var media = new Media(id, title, "--:--", "tw"); var media = new Media(id, title, "--:--", "tw");
callback(false, media); callback(false, media);
@ -443,6 +501,13 @@ module.exports = function (Server) {
/* justin.tv */ /* justin.tv */
jt: function (id, callback) { jt: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var title = "Justin.tv - " + id; var title = "Justin.tv - " + id;
var media = new Media(id, title, "--:--", "jt"); var media = new Media(id, title, "--:--", "jt");
callback(false, media); callback(false, media);
@ -450,6 +515,13 @@ module.exports = function (Server) {
/* ustream.tv */ /* ustream.tv */
us: function (id, callback) { us: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var options = { var options = {
host: "www.ustream.tv", host: "www.ustream.tv",
port: 80, port: 80,
@ -497,6 +569,13 @@ module.exports = function (Server) {
/* imgur.com albums */ /* imgur.com albums */
im: function (id, callback) { im: function (id, callback) {
var m = id.match(/([\w-]+)/);
if (m) {
id = m[1];
} else {
callback("Invalid ID", null);
return;
}
var title = "Imgur Album - " + id; var title = "Imgur Album - " + id;
var media = new Media(id, title, "--:--", "im"); var media = new Media(id, title, "--:--", "im");
callback(false, media); callback(false, media);
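Review bot: The same seven-line check is pasted into every getter touched in this file, and its pattern is unanchored, so `id.match(/([\w-]+)/)` truncates a malformed ID to its first valid run instead of rejecting it. The truncated value is safe to concatenate in `ytv3` (`"id=" + id`) and `yp` (the playlist path), but the request then goes out for an ID the user did not submit, and the `Invalid ID` branch is reached only when no allowed character is present at all. In `ytv3`, `yp`, `vi`, `li`, `tw`, `jt`, `us` and `im` the match is the first statement of the function, so a non-string `id` throws a TypeError before the callback is ever called; whether callers guarantee a string is not visible here. A single helper with an anchored pattern and a type check would remove the duplication and make rejection explicit, as sketched below for `ytv3`. The SoundCloud getter would pass its wider `[\w-\/\.:]` class to the same helper, and how that value is placed into the request is outside the hunk.

```javascript
// shared by every getter in this module
function validId(id, pattern) {
    if (typeof id !== "string") {
        return null;
    }
    var m = id.match(pattern);
    return m ? m[0] : null;
}

// … unchanged: preceding getters …
ytv3: function (id, callback) {
    id = validId(id, /^[\w-]+$/);
    if (id === null) {
        callback("Invalid ID", null);
        return;
    }
    // … unchanged: params and request …
```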