From 61d65dc8e144cdb3fce5db3d2e1400893c23c167 Mon Sep 17 00:00:00 2001
From: Zed
Date: Sat, 25 Mar 2023 03:22:18 +0100
Subject: [PATCH] Validate tweet ID
---
 src/routes/status.nim | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/routes/status.nim b/src/routes/status.nim
index 1104282..7e89220 100644
--- a/src/routes/status.nim
+++ b/src/routes/status.nim
@@ -16,17 +16,21 @@ proc createStatusRouter*(cfg: Config) =
 router status:
 get "/@name/status/@id/?":
 cond '.' notin @"name"
- cond not @"id".any(c => not c.isDigit)
+ let id = @"id"
+
+ if id.len > 19 or id.any(c => not c.isDigit):
+ resp Http404, showError("Invalid tweet ID", cfg)
+
 let prefs = cookiePrefs()
 # used for the infinite scroll feature
 if @"scroll".len > 0:
- let replies = await getReplies(@"id", getCursor())
+ let replies = await getReplies(id, getCursor())
 if replies.content.len == 0:
 resp Http404, ""
 resp $renderReplies(replies, prefs, getPath())
- let conv = await getTweet(@"id", getCursor())
+ let conv = await getTweet(id, getCursor())
 if conv == nil:
 echo "nil conv"
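Review bot: The bound `id.len > 19` in the new guard is an unexplained magic number and is looser than it looks: 19 is the digit count of the largest signed 64-bit value, but any 19-digit string above `9223372036854775807` still passes, and so does an empty `id` if the route pattern can ever match one. A comment such as `# 19 digits is the most a signed 64-bit ID can have` would record the intent for the next reader. If `getReplies` or `getTweet` (not visible here) parse the ID as an integer, the guard could be tightened to `if id.len notin 1..19 or id.any(c => not c.isDigit) or (id.len == 19 and id > "9223372036854775807"):`. The route handler continues past the end of this hunk, so later uses of `id` could not be checked.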