From 77a1799a7f53df7921497180b11b43829aa335a3 Mon Sep 17 00:00:00 2001
From: Ajay <dev@ajay.app>
Date: Sat, 12 Feb 2022 13:11:46 -0500
Subject: [PATCH] Filter input

---
 src/routes/deleteLockCategories.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/routes/deleteLockCategories.ts b/src/routes/deleteLockCategories.ts
index 1e001aa..83e187c 100644
--- a/src/routes/deleteLockCategories.ts
+++ b/src/routes/deleteLockCategories.ts
@@ -59,7 +59,7 @@ export async function deleteLockCategoriesEndpoint(req: DeleteLockCategoriesRequ
 
 export async function deleteLockCategories(videoID: VideoID, categories = config.categoryList, actionTypes = [ActionType.Skip, ActionType.Mute], service: Service): Promise<void> {
     const arrJoin = (arr: string[]): string => `'${arr.join(`','`)}'`;
-    const categoryString = arrJoin(categories);
-    const actionTypeString = arrJoin(actionTypes);
+    const categoryString = arrJoin(categories.filter((v) => !/[^a-z|_|-]/.test(v)));
+    const actionTypeString = arrJoin(actionTypes.filter((v) => !/[^a-z|_|-]/.test(v)));
     await db.prepare("run", `DELETE FROM "lockCategories" WHERE "videoID" = ? AND "service" = ? AND "category" IN (${categoryString}) AND "actionType" IN (${actionTypeString})`, [videoID, service]);
 }