From f65627f55f72feb9df2bc5a82845299335a107c1 Mon Sep 17 00:00:00 2001 From: ChunkyProgrammer <78101139+ChunkyProgrammer@users.noreply.github.com> Date: Tue, 20 Aug 2024 19:55:22 -0400 Subject: [PATCH] encode parameters retrieved from url --- src/invidious/routes/api/v1/channels.cr | 12 ++++++------ src/invidious/routes/api/v1/videos.cr | 2 +- src/invidious/routes/channels.cr | 6 +++--- src/invidious/routes/watch.cr | 6 +++--- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/src/invidious/routes/api/v1/channels.cr b/src/invidious/routes/api/v1/channels.cr index 9245cdd4..754d20fc 100644 --- a/src/invidious/routes/api/v1/channels.cr +++ b/src/invidious/routes/api/v1/channels.cr @@ -394,7 +394,7 @@ module Invidious::Routes::API::V1::Channels locale = env.get("preferences").as(Preferences).locale env.response.content_type = "application/json" - id = env.params.url["id"].to_s + id = URI.encode_www_form(env.params.url["id"].to_s) ucid = env.params.query["ucid"]? thin_mode = env.params.query["thin_mode"]? @@ -406,9 +406,9 @@ module Invidious::Routes::API::V1::Channels if ucid.nil? response = YoutubeAPI.resolve_url("https://www.youtube.com/post/#{id}") return error_json(400, "Invalid post ID") if response["error"]? - ucid = response.dig("endpoint", "browseEndpoint", "browseId").as_s + ucid = URI.encode_www_form(response.dig("endpoint", "browseEndpoint", "browseId").as_s) else - ucid = ucid.to_s + ucid = URI.encode_www_form(ucid.to_s) end begin @@ -423,7 +423,7 @@ module Invidious::Routes::API::V1::Channels env.response.content_type = "application/json" - id = env.params.url["id"] + id = URI.encode_www_form(env.params.url["id"]) thin_mode = env.params.query["thin_mode"]? thin_mode = thin_mode == "true" @@ -437,9 +437,9 @@ module Invidious::Routes::API::V1::Channels if ucid.nil? response = YoutubeAPI.resolve_url("https://www.youtube.com/post/#{id}") return error_json(400, "Invalid post ID") if response["error"]? - ucid = response.dig("endpoint", "browseEndpoint", "browseId").as_s + ucid = URI.encode_www_form(response.dig("endpoint", "browseEndpoint", "browseId").as_s) else - ucid = ucid.to_s + ucid = URI.encode_www_form(ucid.to_s) end case continuation diff --git a/src/invidious/routes/api/v1/videos.cr b/src/invidious/routes/api/v1/videos.cr index 368304ac..19fa7aeb 100644 --- a/src/invidious/routes/api/v1/videos.cr +++ b/src/invidious/routes/api/v1/videos.cr @@ -392,7 +392,7 @@ module Invidious::Routes::API::V1::Videos env.response.content_type = "application/json" - clip_id = env.params.url["id"] + clip_id = URI.encode_www_form(env.params.url["id"]) region = env.params.query["region"]? proxy = {"1", "true"}.any? &.== env.params.query["local"]? diff --git a/src/invidious/routes/channels.cr b/src/invidious/routes/channels.cr index 8e827899..0bf5efc6 100644 --- a/src/invidious/routes/channels.cr +++ b/src/invidious/routes/channels.cr @@ -237,7 +237,7 @@ module Invidious::Routes::Channels def self.post(env) # /post/{postId} - id = env.params.url["id"] + id = URI.encode_www_form(env.params.url["id"]) ucid = env.params.query["ucid"]? prefs = env.get("preferences").as(Preferences) @@ -253,14 +253,14 @@ module Invidious::Routes::Channels nojs = nojs == "1" if !ucid.nil? - ucid = ucid.to_s + ucid = URI.encode_www_form(ucid.to_s) post_response = fetch_channel_community_post(ucid, id, locale, "json", thin_mode) else # resolve the url to get the author's UCID response = YoutubeAPI.resolve_url("https://www.youtube.com/post/#{id}") return error_template(400, "Invalid post ID") if response["error"]? - ucid = response.dig("endpoint", "browseEndpoint", "browseId").as_s + ucid = URI.encode_www_form(response.dig("endpoint", "browseEndpoint", "browseId").as_s) post_response = fetch_channel_community_post(ucid, id, locale, "json", thin_mode) end diff --git a/src/invidious/routes/watch.cr b/src/invidious/routes/watch.cr index ad64f53f..ef4a7b23 100644 --- a/src/invidious/routes/watch.cr +++ b/src/invidious/routes/watch.cr @@ -338,7 +338,7 @@ module Invidious::Routes::Watch locale = env.get("preferences").as(Preferences).locale region = env.params.query["region"]? - id = env.params.query["id"] + id = URI.encode_www_form(env.params.query["id"]) continuation = env.params.query["continuation"]? source = env.params.query["source"]? || "youtube" @@ -356,9 +356,9 @@ module Invidious::Routes::Watch if ucid.nil? response = YoutubeAPI.resolve_url("https://www.youtube.com/post/#{id}") return error_json(400, "Invalid post ID") if response["error"]? - ucid = response.dig("endpoint", "browseEndpoint", "browseId").as_s + ucid = URI.encode_www_form(response.dig("endpoint", "browseEndpoint", "browseId").as_s) else - ucid = ucid.to_s + ucid = URI.encode_www_form(ucid.to_s) end case continuation when nil, ""