From ec58700f6dff8e5b4af1544f6205ec362b593092 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Mon, 27 Feb 2023 09:10:53 -0500
Subject: [PATCH] fix: object destructuring overwriting type parameter also check for valid types in generateExport
---
 src/api/users.js | 4 ++++
 src/socket.io/user/profile.js | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/api/users.js b/src/api/users.js
index e0382c95cd..bbb02a43bb 100644
--- a/src/api/users.js
+++ b/src/api/users.js
@@ -443,6 +443,10 @@ usersAPI.changePicture = async (caller, data) => {
 };
 usersAPI.generateExport = async (caller, { uid, type }) => {
+ const validTypes = ['profile', 'posts', 'uploads'];
+ if (!validTypes.includes(type)) {
+ throw new Error('[[error:invalid-data]]');
+ }
 const count = await db.incrObjectField('locks', `export:${uid}${type}`);
 if (count > 1) {
 throw new Error('[[error:already-exporting]]');
diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
index 20a869056c..95c0097116 100644
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@@ -74,6 +74,6 @@ module.exports = function (SocketUser) {
 await user.isAdminOrSelf(socket.uid, data.uid);
- api.users.generateExport(socket, { type, ...data });
+ api.users.generateExport(socket, { type, uid: data.uid });
 }
 };
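Review bot: In src/api/users.js the added allow-list covers `type` only; `uid` still flows unchecked into the lock key `export:${uid}${type}` on the line after the guard, and the visible part of `generateExport` performs no privilege check of its own, so every caller has to validate `uid` and authorize before calling. If uids are always positive integers here, the guard could reject anything else as well, e.g. `if (!validTypes.includes(type) || !(parseInt(uid, 10) > 0)) {`. I would also hoist the list to a module-level constant with a comment such as `// allow-list: type is caller-supplied; reject anything that is not a known export kind`, so the reason for the check survives later edits. The function body continues past the hunk, so whether `type` or `uid` reach anything more sensitive than the lock key cannot be confirmed from these lines.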
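Review bot: In src/socket.io/user/profile.js the call to `api.users.generateExport` on the new line is neither awaited nor returned, so a rejection from it (`[[error:invalid-data]]` or `[[error:already-exporting]]`, both visible in the users.js hunk) never reaches the socket caller and would surface as an unhandled rejection. Unless fire-and-forget is intended, `await api.users.generateExport(socket, { type, uid: data.uid });` matches the awaited `user.isAdminOrSelf` call above it; if it is intended, attach a `.catch` that logs the error. A short comment on the call, e.g. `// pass only uid: data is client-controlled and must not be able to override type`, would keep a later refactor from reintroducing the spread. The enclosing handler starts outside the hunk, so where `type` comes from is assumed to be server-side.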