From a56924463e2fcca9552e5d8e72609a24a0b56b4d Mon Sep 17 00:00:00 2001
From: vexorian
Date: Sun, 19 Sep 2021 13:27:28 -0400
Subject: [PATCH] #356 Improve channel number validations, server and client-side.
---
 src/dao/channel-db.js | 28 ++++++++++++++++++++++------
 web/directives/channel-config.js | 14 +++++++++++++-
 2 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/src/dao/channel-db.js b/src/dao/channel-db.js
index ac81bf4..a09eeff 100644
--- a/src/dao/channel-db.js
+++ b/src/dao/channel-db.js
@@ -29,10 +29,8 @@ class ChannelDB {
 }
 async saveChannel(number, json) {
- if (typeof(number) === 'undefined') {
- throw Error("Mising channel number");
- }
- let f = path.join(this.folder, `${number}.json` );
+ await this.validateChannelJson(number, json);
+ let f = path.join(this.folder, `${json.number}.json` );
 return await new Promise( (resolve, reject) => {
 let data = undefined;
 try {
@@ -50,12 +48,30 @@ class ChannelDB {
 }
 saveChannelSync(number, json) {
- json.number = number;
+ this.validateChannelJson(number, json);
+
 let data = JSON.stringify(json);
- let f = path.join(this.folder, `${number}.json` );
+ let f = path.join(this.folder, `${json.number}.json` );
 fs.writeFileSync( f, data );
 }
+ validateChannelJson(number, json) {
+ json.number = number;
+ if (typeof(json.number) === 'undefined') {
+ throw Error("Expected a channel.number");
+ }
+ if (typeof(json.number) === 'string') {
+ try {
+ json.number = parseInt(json.number);
+ } catch (err) {
+ console.error("Error parsing channel number.", err);
+ }
+ }
+ if ( isNaN(json.number)) {
+ throw Error("channel.number must be a integer");
+ }
+ }
+
 async deleteChannel(number) {
 let f = path.join(this.folder, `${number}.json` );
 await new Promise( (resolve, reject) => {
diff --git a/web/directives/channel-config.js b/web/directives/channel-config.js
index 9885f29..b9008db 100644
--- a/web/directives/channel-config.js
+++ b/web/directives/channel-config.js
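Review bot: validateChannelJson in the -50 hunk of src/dao/channel-db.js still lets non-integer values through, and both save paths now build the file name from whatever it leaves in `json.number`. `parseInt` never throws, so the try/catch is dead code, and it accepts inputs such as "12abc" (12) and "0x1F" (31); the `isNaN` test coerces, so `null`, `true`, `1.5`, negative numbers and a one-element array like `["5"]` all pass and reach `path.join(this.folder, ...)`. A strict parse followed by `Number.isInteger` and a range check would close this; the 0-9999 range below is taken from the client directive, so confirm it is also the server-side limit. deleteChannel, visible as context at the end of the hunk, still joins the raw `number` into the path and may want the same check.

```javascript
    validateChannelJson(number, json) {
        if (typeof(number) === 'undefined') {
            throw Error("Expected a channel.number");
        }
        // Strict parse: parseInt() would accept "12abc", "0x1F" or "1e3".
        let parsed = number;
        if (typeof(parsed) === 'string' && /^[0-9]+$/.test(parsed)) {
            parsed = Number(parsed);
        }
        // Number.isInteger does not coerce, so null, booleans, arrays, floats
        // and unparsed strings are rejected before the value reaches path.join.
        if (!Number.isInteger(parsed) || parsed < 0 || parsed > 9999) {
            throw Error("channel.number must be a integer");
        }
        json.number = parsed;
    }
```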
@@ -953,7 +953,7 @@ module.exports = function ($timeout, $location, dizquetv, resolutionOptions, get
 scope.error.any = true;
- if (typeof channel.number === "undefined" || channel.number === null || channel.number === "") {
+ if (typeof channel.number === "undefined" || channel.number === null || channel.number === "" ) {
 scope.error.number = "Select a channel number"
 scope.error.tab = "basic";
 } else if (channelNumbers.indexOf(parseInt(channel.number, 10)) !== -1 && scope.isNewChannel) { // we need the parseInt for indexOf to work properly
@@ -962,6 +962,9 @@ module.exports = function ($timeout, $location, dizquetv, resolutionOptions, get
 } else if (!scope.isNewChannel && channel.number !== scope.beforeEditChannelNumber && channelNumbers.indexOf(parseInt(channel.number, 10)) !== -1) {
 scope.error.number = "Channel number already in use."
 scope.error.tab = "basic";
+ } else if ( ! checkChannelNumber(channel.number) ) {
+ scope.error.number = "Invalid channel number.";
+ scope.error.tab = "basic";
 } else if (channel.number < 0 || channel.number > 9999) {
 scope.error.name = "Enter a valid number (0-9999)"
 scope.error.tab = "basic";
@@ -1670,3 +1673,12 @@ module.exports = function ($timeout, $location, dizquetv, resolutionOptions, get
 function validURL(url) {
 return /^(ftp|http|https):\/\/[^ "]+$/.test(url);
 }
+
+function checkChannelNumber(number) {
+ if ( /^[1-9][0-9]+$/.test(number) ) {
+ let x = parseInt(number);
+ return (0 <= x && x < 10000);
+ } else {
+ return false;
+ }
+}
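Review bot: The pattern in checkChannelNumber (the -1670 hunk), `/^[1-9][0-9]+$/`, needs at least two digits, so channel numbers 0 through 9 are reported as "Invalid channel number." even though the next branch in the directive advertises 0-9999 as valid. `if ( /^(0|[1-9][0-9]{0,3})$/.test(number) ) {` keeps the no-leading-zero intent and admits single digits, and `let x = parseInt(number, 10);` would match the radix used by the in-use checks above it. With this helper in front of it, the `channel.number < 0 || channel.number > 9999` branch in the -962 hunk looks unreachable. That branch also sets `scope.error.name` rather than `scope.error.number`, so it may be worth folding the range message into the new branch.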