From 354c9c2cc1a4579f7d81667ca599838a12ddcef4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Wed, 19 Jul 2023 17:51:13 -0400
Subject: [PATCH] only allow valid types for doExport

backport of
---
 src/socket.io/user/profile.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
index 2dcbb1af03..d503a7f471 100644
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@@ -64,6 +64,10 @@ module.exports = function (SocketUser) {
 	};
 
 	async function doExport(socket, data, type) {
+		const validTypes = ['profile', 'posts', 'uploads'];
+		if (!validTypes.includes(type)) {
+			throw new Error('[[error:invalid-data]]');
+		}
 		if (!socket.uid) {
 			throw new Error('[[error:invalid-uid]]');
 		}