Trusting user input #43
Description
Currently whichever request gets to the /gta endpoint will make it directly into the DB.
This seems to be a security issue where an attacker could basically send the level ID of any level they'd want (with any command they'd want).