From 03dd1fdd004c6973b7286b15d4f8cca3c9615f3c Mon Sep 17 00:00:00 2001 From: syuilo Date: Sat, 21 Jan 2017 07:33:46 +0900 Subject: [PATCH] [API] Fix: Validate id --- src/api/endpoints/posts/likes/delete.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/api/endpoints/posts/likes/delete.js b/src/api/endpoints/posts/likes/delete.js index b5b7e5177..e3dee23bf 100644 --- a/src/api/endpoints/posts/likes/delete.js +++ b/src/api/endpoints/posts/likes/delete.js @@ -25,6 +25,11 @@ module.exports = (params, user) => return rej('post_id is required'); } + // Validate id + if (!mongo.ObjectID.isValid(postId)) { + return rej('incorrect post_id'); + } + // Get likee const post = await Post.findOne({ _id: new mongo.ObjectID(postId)