There are a handful of cid parameters and inputs to the PDS xrpc methods. We should consider validating these as CIDs, otherwise fail the request with a 400. In some cases currently CID.parse() may be called on them, causing an error to be thrown that turns into a 500.
dholms
commented
1 year ago
There are a handful of
cidparameters and inputs to the PDS xrpc methods. We should consider validating these as CIDs, otherwise fail the request with a 400. In some cases currentlyCID.parse()may be called on them, causing an error to be thrown that turns into a 500.