From 40f05f4ea5b5ffa083cff1bbb1832a472544a8ae Mon Sep 17 00:00:00 2001
From: syuilo
Date: Sun, 12 Feb 2017 06:01:31 +0900
Subject: [PATCH] [API] Fix: Validate file_id
---
 src/api/endpoints/drive/files/update.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/api/endpoints/drive/files/update.js b/src/api/endpoints/drive/files/update.js
index 3ec9e5a73..612d38095 100644
--- a/src/api/endpoints/drive/files/update.js
+++ b/src/api/endpoints/drive/files/update.js
@@ -26,6 +26,11 @@ module.exports = (params, user) =>
 return rej('file_id is required');
 }
 
+ // Validate id
+ if (!mongo.ObjectID.isValid(fileId)) {
+ return rej('incorrect file_id');
+ }
+
 const file = await DriveFile
 .findOne({
 _id: new mongo.ObjectID(fileId),
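Review bot: The added guard relies on `mongo.ObjectID.isValid(fileId)`, which in the driver versions I know is looser than a 24-character hex check: it also returns true for numbers and for any 12-character string, so those values still reach `new mongo.ObjectID(fileId)` in the `findOne` filter just below. If `fileId` is taken from request parameters, as the surrounding code suggests, the guard should pin both type and format, for example `if (typeof fileId !== 'string' || !/^[0-9a-fA-F]{24}$/.test(fileId)) {`. The enclosing function begins before the hunk and the `findOne` filter continues past its end, so whether the lookup is also scoped to the requesting user cannot be confirmed from here.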