do a sanity check on the provided ucid

Co-Authored-By: absidue <48293849+absidue@users.noreply.github.com>
Co-Authored-By: Samantaz Fox <coding@samantaz.fr>
This commit is contained in:
ChunkyProgrammer 2024-01-29 17:38:21 -05:00
parent 6606eabb32
commit 950672ae74

View File

@ -146,7 +146,11 @@ module Invidious::Routes::Feeds
env.response.headers["Content-Type"] = "application/atom+xml"
env.response.content_type = "application/atom+xml"
ucid = env.params.url["ucid"]
if env.params.url["ucid"].matches?(/^[\w-]+$/)
ucid = env.params.url["ucid"]
else
return error_atom(400, InfoException.new("Invalid channel ucid provided."))
end
params = HTTP::Params.parse(env.params.query["params"]? || "")