fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

author: Luke Pulverenti <luke.pulverenti@gmail.com> 2014-07-02 00:57:18 -0400
committer: Luke Pulverenti <luke.pulverenti@gmail.com> 2014-07-02 00:57:18 -0400
commit: 389390b82ecfbb48e0486f8f132046ddf8624e00 (patch)
tree: c03ffa22f3a2fe668bb9be7078ad83fea3177796 /MediaBrowser.Controller/Entities/Folder.cs
parent: 3bef6ead9cec4c33d43b6348ae4fc33c9b70316a (diff)
1 files changed, 6 insertions, 15 deletions
diff --git a/MediaBrowser.Controller/Entities/Folder.cs b/MediaBrowser.Controller/Entities/Folder.cs
index 52c414ae8..584091b13 100644
--- a/MediaBrowser.Controller/Entities/Folder.cs
+++ b/MediaBrowser.Controller/Entities/Folder.cs
@@ -780,7 +780,7 @@ namespace MediaBrowser.Controller.Entities
 
             var list = new List<BaseItem>();
 
-            var hasLinkedChildren = AddChildrenToList(user, includeLinkedChildren, list, false, null);
+            var hasLinkedChildren = AddChildrenToList(user, includeLinkedChildren, list, false);
 
             return hasLinkedChildren ? list.DistinctBy(i => i.Id).ToList() : list;
         }
@@ -797,9 +797,8 @@ namespace MediaBrowser.Controller.Entities
         /// <param name="includeLinkedChildren">if set to <c>true</c> [include linked children].</param>
         /// <param name="list">The list.</param>
         /// <param name="recursive">if set to <c>true</c> [recursive].</param>
-        /// <param name="filter">The filter.</param>
         /// <returns><c>true</c> if XXXX, <c>false</c> otherwise</returns>
-        private bool AddChildrenToList(User user, bool includeLinkedChildren, List<BaseItem> list, bool recursive, Func<BaseItem, bool> filter)
+        private bool AddChildrenToList(User user, bool includeLinkedChildren, List<BaseItem> list, bool recursive)
         {
             var hasLinkedChildren = false;
 
@@ -807,19 +806,16 @@ namespace MediaBrowser.Controller.Entities
             {
                 if (child.IsVisible(user))
                 {
-                    if (filter == null || filter(child))
+                    if (!child.IsHiddenFromUser(user))
                     {
-                        if (!child.IsHiddenFromUser(user))
-                        {
-                            list.Add(child);
-                        }
+                        list.Add(child);
                     }
 
                     if (recursive && child.IsFolder)
                     {
                         var folder = (Folder)child;
 
-                        if (folder.AddChildrenToList(user, includeLinkedChildren, list, true, filter))
+                        if (folder.AddChildrenToList(user, includeLinkedChildren, list, true))
                         {
                             hasLinkedChildren = true;
                         }
@@ -831,11 +827,6 @@ namespace MediaBrowser.Controller.Entities
             {
                 foreach (var child in GetLinkedChildren())
                 {
-                    if (filter != null && !filter(child))
-                    {
-                        continue;
-                    }
-
                     if (child.IsVisible(user))
                     {
                         hasLinkedChildren = true;
@@ -864,7 +855,7 @@ namespace MediaBrowser.Controller.Entities
 
             var list = new List<BaseItem>();
 
-            var hasLinkedChildren = AddChildrenToList(user, includeLinkedChildren, list, true, null);
+            var hasLinkedChildren = AddChildrenToList(user, includeLinkedChildren, list, true);
 
             return hasLinkedChildren ? list.DistinctBy(i => i.Id).ToList() : list;
         }
author	Luke Pulverenti <luke.pulverenti@gmail.com>	2014-07-02 00:57:18 -0400
committer	Luke Pulverenti <luke.pulverenti@gmail.com>	2014-07-02 00:57:18 -0400
commit	389390b82ecfbb48e0486f8f132046ddf8624e00 (patch)
tree	c03ffa22f3a2fe668bb9be7078ad83fea3177796 /MediaBrowser.Controller/Entities/Folder.cs
parent	3bef6ead9cec4c33d43b6348ae4fc33c9b70316a (diff)