From 567a9a4e58bacca381a76469a809c854a7a9dad3 Mon Sep 17 00:00:00 2001
From: advplyr
Date: Thu, 26 Sep 2024 16:48:38 -0500
Subject: [PATCH] Fix:API /libraries/:library/items validate limit and page are positive integers #3459
---
 server/controllers/LibraryController.js | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/server/controllers/LibraryController.js b/server/controllers/LibraryController.js
index 65243acc..7705428b 100644
--- a/server/controllers/LibraryController.js
+++ b/server/controllers/LibraryController.js
@@ -503,6 +503,14 @@ class LibraryController {
 collapseseries: req.query.collapseseries === '1',
 include: include.join(',')
 }
+
+ if (!Number.isInteger(payload.limit) || payload.limit < 0) {
+ return res.status(400).send('Invalid request. Limit must be a positive integer')
+ }
+ if (!Number.isInteger(payload.page) || payload.page < 0) {
+ return res.status(400).send('Invalid request. Page must be a positive integer')
+ }
+
 payload.offset = payload.page * payload.limit
 // TODO: Temporary way of handling collapse sub-series. Either remove feature or handle through sql queries
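Review bot: The added checks on `payload.limit` and `payload.page` accept any integer-valued Number, including values above `Number.MAX_SAFE_INTEGER`, so `payload.offset = payload.page * payload.limit` on the next line can still lose precision or become `Infinity` before it reaches the query layer. Since these values come from the request, I would use `Number.isSafeInteger` and add an upper bound, e.g. `if (!Number.isSafeInteger(payload.limit) || payload.limit < 0 || payload.limit > MAX_LIMIT)`, where `MAX_LIMIT` is a placeholder for a cap the project would choose, with a matching bound on `page`. Separately, 0 passes both checks while the messages say "positive integer"; how `limit` is parsed and whether 0 means "no limit" is outside the hunk, but if 0 is intended the text should read "non-negative integer", and an uncapped result set is worth a comment as a resource-usage consideration. The enclosing method begins and ends outside this hunk.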