From 10b1784f6dc3175525900d3af689b5edb6dacc50 Mon Sep 17 00:00:00 2001
From: advplyr
Date: Sun, 17 Dec 2023 12:23:55 -0600
Subject: [PATCH] Fix:Library search API endpoint /libraries/:id/search to check that query param q is a valid string
---
 server/controllers/LibraryController.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/controllers/LibraryController.js b/server/controllers/LibraryController.js
index d2090270..70baff85 100644
--- a/server/controllers/LibraryController.js
+++ b/server/controllers/LibraryController.js
@@ -552,8 +552,8 @@ class LibraryController {
 * @param {import('express').Response} res
 */
 async search(req, res) {
- if (!req.query.q) {
- return res.status(400).send('No query string')
+ if (!req.query.q || typeof req.query.q !== 'string') {
+ return res.status(400).send('Invalid request. Query param "q" must be a string')
 }
 const limit = req.query.limit && !isNaN(req.query.limit) ? Number(req.query.limit) : 12
 const query = asciiOnlyToLowerCase(req.query.q.trim())
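Review bot: The new type check covers `q` only, while `limit` on the line right after the guard is still accepted with just an `isNaN` test, so negative, fractional, `Infinity` or very large values get through. How the search code treats such a limit is outside this hunk, but an unbounded result size on a search endpoint is worth rejecting at the controller. Consider `const parsedLimit = Number(req.query.limit)` followed by `const limit = Number.isInteger(parsedLimit) && parsedLimit > 0 ? Math.min(parsedLimit, MAX_SEARCH_LIMIT) : 12`, where `MAX_SEARCH_LIMIT` is a placeholder for a cap the project chooses. Separately, a whitespace-only `q` passes the new guard and becomes an empty string after `trim()`, so trimming before the emptiness check would close that gap. The body of `search` continues past the end of the hunk.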