fix(rce): prevent remot code execution (#833)

mhenrixon · Feb 12, 2024 · 8d63c1b · 8d63c1b
1 parent e31db68
commit 8d63c1b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/sidekiq_unique_jobs/web.rb b/lib/sidekiq_unique_jobs/web.rb
@@ -85,8 +85,9 @@ def self.registered(app) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
 
       app.get "/locks/:digest/jobs/:job_id/delete" do
         @digest = h(params[:digest])
+        @job_id = h(params[:job_id])
         @lock   = SidekiqUniqueJobs::Lock.new(@digest)
-        @lock.unlock(params[:job_id])
+        @lock.unlock(@job_id)
 
         redirect_to "locks/#{@lock.key}"
       end