Do not return the exception message to the client for AuthenticationExceptions

Mark Monteiro 2020-04-13 16:10:55 -04:00
parent a8c3951c17
commit 8b4b4b4127
1 changed files with 8 additions and 9 deletions


@ -269,25 +269,24 @@ namespace Emby.Server.Implementations.HttpServer
httpRes.StatusCode = statusCode;
var errContent = NormalizeExceptionMessage(ex.Message);
var errContent = NormalizeExceptionMessage(ex) ?? string.Empty;
httpRes.ContentType = "text/plain";
httpRes.ContentLength = errContent.Length;
await httpRes.WriteAsync(errContent).ConfigureAwait(false);
}
private string NormalizeExceptionMessage(string msg)
private string NormalizeExceptionMessage(Exception ex)
{
if (msg == null)
// Do not expose the exception message for AuthenticationException
if (ex is AuthenticationException)
{
return string.Empty;
return null;
}
// Strip any information we don't want to reveal
msg = msg.Replace(_config.ApplicationPaths.ProgramSystemPath, string.Empty, StringComparison.OrdinalIgnoreCase);
msg = msg.Replace(_config.ApplicationPaths.ProgramDataPath, string.Empty, StringComparison.OrdinalIgnoreCase);
return msg;
return ex.Message
?.Replace(_config.ApplicationPaths.ProgramSystemPath, string.Empty, StringComparison.OrdinalIgnoreCase)
.Replace(_config.ApplicationPaths.ProgramDataPath, string.Empty, StringComparison.OrdinalIgnoreCase);
}
/// <summary>
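Review bot: The `ex is AuthenticationException` check in NormalizeExceptionMessage suppresses one exception type only, so the message of every other exception still reaches the client with just the two application paths stripped. If the handler can tell client errors from server faults, consider sending an empty body for the latter as well and keeping the detail in the server log. The method now returns null in that branch and depends on the caller's `?? string.Empty`; writing `return string.Empty;` there would keep the result non-null for any later caller. The using directives are outside the hunk, so confirm the name binds to the exception type the authentication code actually throws and not to `System.Security.Authentication.AuthenticationException`. The error-handling method that calls NormalizeExceptionMessage starts above the hunk.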