mirror of https://github.com/jellyfin/jellyfin.git
Authenticated arbitrary file overwrite in SubtitleController -> SubtitleManager
GHSL-2021-050: Issue 5 Arbitrary file overwrite.
parent
239a7156cc
commit
470305f75e
|
@ -205,13 +205,31 @@ namespace MediaBrowser.Providers.Subtitles
|
||||||
|
|
||||||
if (saveInMediaFolder)
|
if (saveInMediaFolder)
|
||||||
{
|
{
|
||||||
savePaths.Add(Path.Combine(video.ContainingFolderPath, saveFileName));
|
var mediaFolderPath = Path.GetFullPath(Path.Combine(video.ContainingFolderPath, saveFileName));
|
||||||
|
// TODO: Add some error handling to the API user: return BadRequest("Could not save subtitle, bad path.");
|
||||||
|
if (mediaFolderPath.StartsWith(video.ContainingFolderPath))
|
||||||
|
{
|
||||||
|
savePaths.Add(mediaFolderPath);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
savePaths.Add(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
|
var internalPath = Path.GetFullPath(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
|
||||||
|
|
||||||
|
// TODO: Add some error to the user: return BadRequest("Could not save subtitle, bad path.");
|
||||||
|
if (internalPath.StartsWith(video.GetInternalMetadataPath()))
|
||||||
|
{
|
||||||
|
savePaths.Add(internalPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (savePaths.Count > 0)
|
||||||
|
{
|
||||||
await TrySaveToFiles(memoryStream, savePaths).ConfigureAwait(false);
|
await TrySaveToFiles(memoryStream, savePaths).ConfigureAwait(false);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
_logger.LogError("An uploaded subtitle could not be saved because the resulting paths were invalid.");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private async Task TrySaveToFiles(Stream stream, List<string> savePaths)
|
private async Task TrySaveToFiles(Stream stream, List<string> savePaths)
|
||||||
|
|
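Review bot: The two containment checks, `mediaFolderPath.StartsWith(video.ContainingFolderPath)` and `internalPath.StartsWith(video.GetInternalMetadataPath())`, are bare string-prefix comparisons, so a resolved path inside a sibling directory whose name merely begins with the base folder's name still passes. The base path is also compared without going through `Path.GetFullPath`, so a base that is not already in canonical form can reject a legitimate save path, and `StartsWith(string)` without a `StringComparison` is culture-sensitive. I would normalise the base, append a directory separator, and compare with `StringComparison.Ordinal` in one shared helper, as sketched below. Separately, a rejected path is only logged when both candidates fail, so a partially rejected upload is silent to the caller; the two TODO comments already mark that gap. The enclosing method begins outside this hunk.

```csharp
// Shared containment check used for both save locations.
private static bool IsPathInsideDirectory(string candidate, string baseDirectory)
{
    var root = Path.GetFullPath(baseDirectory);
    if (!Path.EndsInDirectorySeparator(root))
    {
        // Without the trailing separator, "/a/b" would also match "/a/bc/...".
        root += Path.DirectorySeparatorChar;
    }

    return candidate.StartsWith(root, StringComparison.Ordinal);
}

// … unchanged: if (saveInMediaFolder) and the GetFullPath(Path.Combine(...)) line …
if (IsPathInsideDirectory(mediaFolderPath, video.ContainingFolderPath))

// … unchanged: internalPath computation …
if (IsPathInsideDirectory(internalPath, video.GetInternalMetadataPath()))
```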