From 7f5a52e4588668f767a31c6ec8882beff6af0e3a Mon Sep 17 00:00:00 2001
From: joeuhren <46763106+joeuhren@users.noreply.github.com>
Date: Fri, 20 Nov 2020 11:02:27 -0700
Subject: [PATCH] Fixed string type query length vulnerabilty
---
 app.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app.js b/app.js
index 4809b33..f45761d 100644
--- a/app.js
+++ b/app.js
@@ -133,7 +133,8 @@ app.use('/ext/getbasicstats', function(req,res){
 });
 app.use('/ext/getaddresstxsajax', function(req,res){
- if(typeof req.query.length === 'undefined' || req.query.length > settings.txcount){
+ req.query.length = parseInt(req.query.length);
+ if(isNaN(req.query.length) || req.query.length > settings.index.last_txs){
 req.query.length = settings.txcount;
 }
 db.get_address_txs_ajax(req.query.address, req.query.start, req.query.length,function(txs, count){
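Review bot: The new guard in the `/ext/getaddresstxsajax` handler still accepts zero and negative lengths, because `parseInt('-5')` is a valid number that is not greater than `settings.index.last_txs`; it should carry a lower bound and an explicit radix, e.g. `req.query.length = parseInt(req.query.length, 10);` followed by `if(isNaN(req.query.length) || req.query.length < 1 || req.query.length > settings.index.last_txs){`. The upper bound is now `settings.index.last_txs` while the fallback assigned inside the block is still `settings.txcount`, so if the two settings differ (or `txcount` is no longer defined) the clamped value can fall outside the range that was just checked; the fallback presumably wants the same setting. `req.query.start` and `req.query.address` still reach `db.get_address_txs_ajax` without any normalisation, and since Express can parse query parameters into arrays or objects they likely need a type check as well, depending on how the db layer uses them. The handler body continues past the end of the hunk.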