From 361dba21977ee08f124f5a72c69b8ebfd19e7804 Mon Sep 17 00:00:00 2001
From: unknown <89595418+unknownsrc@users.noreply.github.com>
Date: Sun, 5 Mar 2023 17:17:31 +0100
Subject: [PATCH] some rce prevention

---
 controller/websocket.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/websocket.js b/controller/websocket.js
index 8b616b1..98caaa1 100644
--- a/controller/websocket.js
+++ b/controller/websocket.js
@@ -56,7 +56,7 @@ exports.save = async (ws, req) => {
     async function startDownloading() {
         ws.send('INFO - Spawning yt-dlp!')
 
-        const download = await ytdlp.downloadVideo(req.query.url, ws)
+        const download = await ytdlp.downloadVideo(`https://www.youtube.com/watch?v=${id}`, ws)
         if (download.fail) {
             await redis.del(id)
             ws.send(`DATA - ${download.message}`)