From 6c7fbd0f9618fb5dc47b906680fafd2d7bcbd75a Mon Sep 17 00:00:00 2001
From: Vjacheslav Trushkin <cyberalien@gmail.com>
Date: Tue, 12 Feb 2019 14:08:35 +0200
Subject: [PATCH] Make sure query is a string

---
 src/request.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/request.js b/src/request.js
index 2a618b8..ce95968 100644
--- a/src/request.js
+++ b/src/request.js
@@ -45,7 +45,7 @@ module.exports = (app, req, res, query) => {
             app.response(req, res, 200);
 
             // Do stuff
-            if (app.config['reload-secret'].length && req.query && req.query.key && req.query.key === app.config['reload-secret'] && !app.reloading) {
+            if (app.config['reload-secret'].length && req.query && typeof req.query.key === 'string' && req.query.key === app.config['reload-secret'] && !app.reloading) {
                 process.nextTick(() => {
                     app.reload(false).then(() => {
                     }).catch(err => {
@@ -60,7 +60,7 @@ module.exports = (app, req, res, query) => {
             app.response(req, res, 200);
 
             let repo = req.query.repo;
-            if (!app.config.canSync || !app.config.sync[repo] || !app.config.sync.git || !app.config.sync.secret) {
+            if (typeof repo !== 'string' || !app.config.canSync || !app.config.sync[repo] || !app.config.sync.git || !app.config.sync.secret) {
                 return;
             }