diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/api/endpoints/posts/show.js | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/api/endpoints/posts/show.js b/src/api/endpoints/posts/show.js index 19cdb74251..f399d86c8a 100644 --- a/src/api/endpoints/posts/show.js +++ b/src/api/endpoints/posts/show.js @@ -23,6 +23,11 @@ module.exports = (params, user) => return rej('post_id is required'); } + // Validate id + if (!mongo.ObjectID.isValid(postId)) { + return rej('incorrect post_id'); + } + // Get post const post = await Post.findOne({ _id: new mongo.ObjectID(postId) |