Authenticated arbitrary file overwrite in SubtitleController -> SubtitleManager

GHSL-2021-050: Issue 5 Arbitrary file overwrite.
Erwin de Haan 2021-03-20 01:07:09 +01:00
parent 239a7156cc
commit 470305f75e


@ -205,12 +205,30 @@ namespace MediaBrowser.Providers.Subtitles
if (saveInMediaFolder)
{
savePaths.Add(Path.Combine(video.ContainingFolderPath, saveFileName));
var mediaFolderPath = Path.GetFullPath(Path.Combine(video.ContainingFolderPath, saveFileName));
// TODO: Add some error handling to the API user: return BadRequest("Could not save subtitle, bad path.");
if (mediaFolderPath.StartsWith(video.ContainingFolderPath))
{
savePaths.Add(mediaFolderPath);
}
}
savePaths.Add(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
var internalPath = Path.GetFullPath(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
await TrySaveToFiles(memoryStream, savePaths).ConfigureAwait(false);
// TODO: Add some error to the user: return BadRequest("Could not save subtitle, bad path.");
if (internalPath.StartsWith(video.GetInternalMetadataPath()))
{
savePaths.Add(internalPath);
}
if (savePaths.Count > 0)
{
await TrySaveToFiles(memoryStream, savePaths).ConfigureAwait(false);
}
else
{
_logger.LogError("An uploaded subtitle could not be saved because the resulting paths were invalid.");
}
}
}