From 8b3e3717335025b41a56d4190791294c5ae936f3 Mon Sep 17 00:00:00 2001
From: syuilo <syuilotan@yahoo.co.jp>
Date: Sat, 21 Jan 2017 07:46:43 +0900
Subject: [PATCH] [API] Fix: Validate id

---
 src/api/endpoints/posts/show.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/api/endpoints/posts/show.js b/src/api/endpoints/posts/show.js
index 19cdb74251..f399d86c8a 100644
--- a/src/api/endpoints/posts/show.js
+++ b/src/api/endpoints/posts/show.js
@@ -23,6 +23,11 @@ module.exports = (params, user) =>
 		return rej('post_id is required');
 	}
 
+	// Validate id
+	if (!mongo.ObjectID.isValid(postId)) {
+		return rej('incorrect post_id');
+	}
+
 	// Get post
 	const post = await Post.findOne({
 		_id: new mongo.ObjectID(postId)