| author | Erwin de Haan <EraYaN@users.noreply.github.com> | 2021-03-20 01:07:09 +0100 |
|---|---|---|
| committer | Erwin de Haan <EraYaN@users.noreply.github.com> | 2021-03-20 01:14:59 +0100 |
| commit | 470305f75edc037653b68dd0614f73009219bdbd (patch) | |
| tree | 108f5fa6d7d566841ac35ffec2061cff1e2d0e78 | |
| parent | 239a7156cc9c2c383aca1e7265ae4679666d5c85 (diff) | |
Authenticated arbitrary file overwrite in SubtitleController -> SubtitleManager
GHSL-2021-050: Issue 5 Arbitrary file overwrite.
| -rw-r--r-- | MediaBrowser.Providers/Subtitles/SubtitleManager.cs | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/MediaBrowser.Providers/Subtitles/SubtitleManager.cs b/MediaBrowser.Providers/Subtitles/SubtitleManager.cs
index d4d79d27b..1f3d9acff 100644
--- a/MediaBrowser.Providers/Subtitles/SubtitleManager.cs
+++ b/MediaBrowser.Providers/Subtitles/SubtitleManager.cs
@@ -205,12 +205,30 @@ namespace MediaBrowser.Providers.Subtitles
                 if (saveInMediaFolder)
                 {
-                    savePaths.Add(Path.Combine(video.ContainingFolderPath, saveFileName));
+                    var mediaFolderPath = Path.GetFullPath(Path.Combine(video.ContainingFolderPath, saveFileName));
+                    // TODO: Add some error handling to the API user: return BadRequest("Could not save subtitle, bad path.");
+                    if (mediaFolderPath.StartsWith(video.ContainingFolderPath))
+                    {
+                        savePaths.Add(mediaFolderPath);
+                    }
                 }
-                savePaths.Add(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
+                var internalPath = Path.GetFullPath(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
+
+                // TODO: Add some error to the user: return BadRequest("Could not save subtitle, bad path.");
+                if (internalPath.StartsWith(video.GetInternalMetadataPath()))
+                {
+                    savePaths.Add(internalPath);
+                }
-                await TrySaveToFiles(memoryStream, savePaths).ConfigureAwait(false);
+                if (savePaths.Count > 0)
+                {
+                    await TrySaveToFiles(memoryStream, savePaths).ConfigureAwait(false);
+                }
+                else
+                {
+                    _logger.LogError("An uploaded subtitle could not be saved because the resulting paths were invalid.");
+                }
             }
         }
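Review bot: The two containment checks, `mediaFolderPath.StartsWith(video.ContainingFolderPath)` and `internalPath.StartsWith(video.GetInternalMetadataPath())`, are bare string-prefix tests, so a sibling directory whose name merely begins with the base folder's name (for example `<base>2`) passes, the base itself is never normalised with `Path.GetFullPath` while the candidate is, and the culture-sensitive `StartsWith(string)` overload is used where an ordinal comparison is wanted. The check should compare against the normalised base with a trailing directory separator using `StringComparison.Ordinal`, ideally through one small helper called at both sites so the rule lives in one place; the two `TODO` comments about surfacing a `BadRequest` to the caller would then become a single note on that helper. The enclosing method begins before this hunk and its `using` scope is closed by the trailing braces, so the helper would be added at class level outside the hunk.
```csharp
                if (saveInMediaFolder)
                {
                    var mediaFolderPath = Path.GetFullPath(Path.Combine(video.ContainingFolderPath, saveFileName));
                    if (IsInsideDirectory(video.ContainingFolderPath, mediaFolderPath))
                    {
                        savePaths.Add(mediaFolderPath);
                    }
                }

                var internalPath = Path.GetFullPath(Path.Combine(video.GetInternalMetadataPath(), saveFileName));
                if (IsInsideDirectory(video.GetInternalMetadataPath(), internalPath))
                {
                    savePaths.Add(internalPath);
                }

                // … unchanged: savePaths.Count check, TrySaveToFiles call and error log …

        // True only when fullPath lies inside baseDirectory. The base is normalised and given a
        // trailing separator so that a prefix match on a sibling directory name is not accepted.
        private static bool IsInsideDirectory(string baseDirectory, string fullPath)
        {
            var root = Path.GetFullPath(baseDirectory)
                .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                + Path.DirectorySeparatorChar;
            return fullPath.StartsWith(root, StringComparison.Ordinal);
        }
```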
