diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/api/endpoints/drive/files/update.js | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/api/endpoints/drive/files/update.js b/src/api/endpoints/drive/files/update.js index 3ec9e5a73d..612d380955 100644 --- a/src/api/endpoints/drive/files/update.js +++ b/src/api/endpoints/drive/files/update.js @@ -26,6 +26,11 @@ module.exports = (params, user) => return rej('file_id is required'); } + // Validate id + if (!mongo.ObjectID.isValid(fileId)) { + return rej('incorrect file_id'); + } + const file = await DriveFile .findOne({ _id: new mongo.ObjectID(fileId), |