GET /api/video-calls parses limit with parseInt and only applies an upper bound:
const limit = Math.min(parseInt(searchParams.get(limit) || 20), 50);
Examples:
/api/video-calls?limit=-5 passes -5 into Supabase .limit()./api/video-calls?limit=abc passes NaN into .limit().
Expected: the endpoint should normalize the limit to a finite integer range, e.g. 1..50, before building the query.
GET /api/video-callsparseslimitwithparseIntand only applies an upper bound:Examples:
/api/video-calls?limit=-5passes-5into Supabase.limit()./api/video-calls?limit=abcpassesNaNinto.limit().Expected: the endpoint should normalize the limit to a finite integer range, e.g. 1..50, before building the query.