Diffstat (limited to 'Emby.Server.Implementations')
-rw-r--r--Emby.Server.Implementations/Data/SqliteItemRepository.cs79
-rw-r--r--Emby.Server.Implementations/Emby.Server.Implementations.csproj2
-rw-r--r--Emby.Server.Implementations/HttpServer/GetSwaggerResource.cs17
-rw-r--r--Emby.Server.Implementations/HttpServer/SwaggerService.cs47
4 files changed, 60 insertions, 85 deletions
diff --git a/Emby.Server.Implementations/Data/SqliteItemRepository.cs b/Emby.Server.Implementations/Data/SqliteItemRepository.cs
index e65ebeb04..c5ba6c892 100644
--- a/Emby.Server.Implementations/Data/SqliteItemRepository.cs
+++ b/Emby.Server.Implementations/Data/SqliteItemRepository.cs
@@ -3204,6 +3204,40 @@ namespace Emby.Server.Implementations.Data
}
}
+ private bool IsAlphaNumeric(string str)
+ {
+ if (string.IsNullOrWhiteSpace(str))
+ return false;
+
+ for (int i = 0; i < str.Length; i++)
+ {
+ if (!(char.IsLetter(str[i])) && (!(char.IsNumber(str[i]))))
+ return false;
+ }
+
+ return true;
+ }
+
+ private bool IsValidType(string value)
+ {
+ return IsAlphaNumeric(value);
+ }
+
+ private bool IsValidMediaType(string value)
+ {
+ return IsAlphaNumeric(value);
+ }
+
+ private bool IsValidId(string value)
+ {
+ return IsAlphaNumeric(value);
+ }
+
+ private bool IsValidPersonType(string value)
+ {
+ return IsAlphaNumeric(value);
+ }
+
private List<string> GetWhereClauses(InternalItemsQuery query, IStatement statement, string paramSuffix = "")
{
if (query.IsResumable ?? false)
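Review bot: Nothing on `IsAlphaNumeric` or its four wrappers says that they are the guard for values spliced between quotes into the `in (...)` clauses further down, so a later edit that loosens the check (say, to admit `-` or `_` in ids) has no warning about what it protects. A comment such as `// Allow-list for values concatenated into SQL text; must never admit quotes, whitespace or punctuation.` above `IsAlphaNumeric` would record that. Note also that `char.IsLetter` and `char.IsNumber` accept every Unicode letter and number category, not just ASCII, and that `IsValidType`, `IsValidMediaType`, `IsValidId` and `IsValidPersonType` are currently identical, so a single helper would do until their rules diverge. `GetWhereClauses` continues outside the hunk.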
@@ -3423,9 +3457,9 @@ namespace Emby.Server.Implementations.Data
statement.TryBind("@ChannelId", query.ChannelIds[0]);
}
}
- if (query.ChannelIds.Length > 1)
+ else if (query.ChannelIds.Length > 1)
{
- var inClause = string.Join(",", query.ChannelIds.Select(i => "'" + i + "'").ToArray());
+ var inClause = string.Join(",", query.ChannelIds.Where(IsValidId).Select(i => "'" + i + "'").ToArray());
whereClauses.Add(string.Format("ChannelId in ({0})", inClause));
}
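Review bot: The multi-value branch still builds `ChannelId in (...)` by concatenating quoted values, so its safety rests entirely on `IsValidId`, and the branch is still selected on the unfiltered `query.ChannelIds.Length`, unlike the MediaTypes hunk, which filters before counting. If every id is rejected the clause becomes `ChannelId in ()`. Binding each value, as the single-value branch already does with `TryBind`, would remove the string building; a sketch follows, assuming `TryBind` accepts these generated names and that the clause text is built the same way whether or not `statement` is null. The start of this if/else chain is outside the hunk.

```csharp
else if (query.ChannelIds.Length > 1)
{
    // One named parameter per id instead of quoted literals in the SQL text.
    var channelParams = query.ChannelIds.Select((id, n) => "@ChannelId" + n).ToArray();
    whereClauses.Add(string.Format("ChannelId in ({0})", string.Join(",", channelParams)));
    if (statement != null)
    {
        for (var n = 0; n < channelParams.Length; n++)
        {
            statement.TryBind(channelParams[n], query.ChannelIds[n]);
        }
    }
}
```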
@@ -4157,17 +4191,18 @@ namespace Emby.Server.Implementations.Data
whereClauses.Add("(IsVirtualItem=0 OR PremiereDate < DATETIME('now'))");
}
}
- if (query.MediaTypes.Length == 1)
+ var queryMediaTypes = query.MediaTypes.Where(IsValidMediaType).ToArray();
+ if (queryMediaTypes.Length == 1)
{
whereClauses.Add("MediaType=@MediaTypes");
if (statement != null)
{
- statement.TryBind("@MediaTypes", query.MediaTypes[0]);
+ statement.TryBind("@MediaTypes", queryMediaTypes[0]);
}
}
- if (query.MediaTypes.Length > 1)
+ else if (queryMediaTypes.Length > 1)
{
- var val = string.Join(",", query.MediaTypes.Select(i => "'" + i + "'").ToArray());
+ var val = string.Join(",", queryMediaTypes.Select(i => "'" + i + "'").ToArray());
whereClauses.Add("MediaType in (" + val + ")");
}
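Review bot: When every supplied media type is rejected by `IsValidMediaType`, `queryMediaTypes.Length` is 0 and neither branch adds a clause, so a request that asked for a filter runs with none and returns a wider result set than requested. The same pattern is in the `queryTopParentIds`, `queryPersonTypes` and `queryExcludePersonTypes` hunks below; it matters most for `TopParentIds` if callers rely on it to scope results to particular libraries, which is not visible here. Failing closed would be safer for the inclusion filters, e.g. a trailing `else if (query.MediaTypes.Length > 0) { whereClauses.Add("1=0"); }`, or the rejected values could at least be logged. The enclosing method starts and ends outside the hunk.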
@@ -4273,7 +4308,9 @@ namespace Emby.Server.Implementations.Data
//var enableItemsByName = query.IncludeItemsByName ?? query.IncludeItemTypes.Length > 0;
var enableItemsByName = query.IncludeItemsByName ?? false;
- if (query.TopParentIds.Length == 1)
+ var queryTopParentIds = query.TopParentIds.Where(IsValidId).ToArray();
+
+ if (queryTopParentIds.Length == 1)
{
if (enableItemsByName)
{
@@ -4289,12 +4326,12 @@ namespace Emby.Server.Implementations.Data
}
if (statement != null)
{
- statement.TryBind("@TopParentId", query.TopParentIds[0]);
+ statement.TryBind("@TopParentId", queryTopParentIds[0]);
}
}
- if (query.TopParentIds.Length > 1)
+ else if (queryTopParentIds.Length > 1)
{
- var val = string.Join(",", query.TopParentIds.Select(i => "'" + i + "'").ToArray());
+ var val = string.Join(",", queryTopParentIds.Select(i => "'" + i + "'").ToArray());
if (enableItemsByName)
{
@@ -4544,7 +4581,7 @@ namespace Emby.Server.Implementations.Data
return result;
}
- return new[] { value };
+ return new[] { value }.Where(IsValidType);
}
public async Task DeleteItem(Guid id, CancellationToken cancellationToken)
@@ -4696,31 +4733,35 @@ namespace Emby.Server.Implementations.Data
statement.TryBind("@AppearsInItemId", query.AppearsInItemId.ToGuidParamValue());
}
}
- if (query.PersonTypes.Count == 1)
+ var queryPersonTypes = query.PersonTypes.Where(IsValidPersonType).ToList();
+
+ if (queryPersonTypes.Count == 1)
{
whereClauses.Add("PersonType=@PersonType");
if (statement != null)
{
- statement.TryBind("@PersonType", query.PersonTypes[0]);
+ statement.TryBind("@PersonType", queryPersonTypes[0]);
}
}
- if (query.PersonTypes.Count > 1)
+ else if (queryPersonTypes.Count > 1)
{
- var val = string.Join(",", query.PersonTypes.Select(i => "'" + i + "'").ToArray());
+ var val = string.Join(",", queryPersonTypes.Select(i => "'" + i + "'").ToArray());
whereClauses.Add("PersonType in (" + val + ")");
}
- if (query.ExcludePersonTypes.Count == 1)
+ var queryExcludePersonTypes = query.ExcludePersonTypes.Where(IsValidPersonType).ToList();
+
+ if (queryExcludePersonTypes.Count == 1)
{
whereClauses.Add("PersonType<>@PersonType");
if (statement != null)
{
- statement.TryBind("@PersonType", query.ExcludePersonTypes[0]);
+ statement.TryBind("@PersonType", queryExcludePersonTypes[0]);
}
}
- if (query.ExcludePersonTypes.Count > 1)
+ else if (queryExcludePersonTypes.Count > 1)
{
- var val = string.Join(",", query.ExcludePersonTypes.Select(i => "'" + i + "'").ToArray());
+ var val = string.Join(",", queryExcludePersonTypes.Select(i => "'" + i + "'").ToArray());
whereClauses.Add("PersonType not in (" + val + ")");
}
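Review bot: The include and exclude branches both use the parameter name `@PersonType`, so when `queryPersonTypes` and `queryExcludePersonTypes` each hold one value the WHERE text contains `PersonType=@PersonType` and `PersonType<>@PersonType` against a single bound value, and the second `TryBind` presumably overwrites the first. This predates the commit but is still present in the new lines. Giving the exclusion its own name fixes it: `whereClauses.Add("PersonType<>@ExcludePersonType");` and `statement.TryBind("@ExcludePersonType", queryExcludePersonTypes[0]);`. The enclosing method starts outside the hunk.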
diff --git a/Emby.Server.Implementations/Emby.Server.Implementations.csproj b/Emby.Server.Implementations/Emby.Server.Implementations.csproj
index ecd86d507..afd437fe8 100644
--- a/Emby.Server.Implementations/Emby.Server.Implementations.csproj
+++ b/Emby.Server.Implementations/Emby.Server.Implementations.csproj
@@ -85,7 +85,6 @@
<Compile Include="FileOrganization\OrganizerScheduledTask.cs" />
<Compile Include="FileOrganization\TvFolderOrganizer.cs" />
<Compile Include="HttpServer\FileWriter.cs" />
- <Compile Include="HttpServer\GetSwaggerResource.cs" />
<Compile Include="HttpServer\HttpListenerHost.cs" />
<Compile Include="HttpServer\HttpResultFactory.cs" />
<Compile Include="HttpServer\LoggerUtils.cs" />
@@ -103,7 +102,6 @@
<Compile Include="HttpServer\SocketSharp\WebSocketSharpRequest.cs" />
<Compile Include="HttpServer\SocketSharp\WebSocketSharpResponse.cs" />
<Compile Include="HttpServer\StreamWriter.cs" />
- <Compile Include="HttpServer\SwaggerService.cs" />
<Compile Include="Images\BaseDynamicImageProvider.cs" />
<Compile Include="IO\FileRefresher.cs" />
<Compile Include="IO\MbLinkShortcutHandler.cs" />
diff --git a/Emby.Server.Implementations/HttpServer/GetSwaggerResource.cs b/Emby.Server.Implementations/HttpServer/GetSwaggerResource.cs
deleted file mode 100644
index 819ede1ab..000000000
--- a/Emby.Server.Implementations/HttpServer/GetSwaggerResource.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-using MediaBrowser.Model.Services;
-
-namespace Emby.Server.Implementations.HttpServer
-{
- /// <summary>
- /// Class GetDashboardResource
- /// </summary>
- [Route("/swagger-ui/{ResourceName*}", "GET")]
- public class GetSwaggerResource
- {
- /// <summary>
- /// Gets or sets the name.
- /// </summary>
- /// <value>The name.</value>
- public string ResourceName { get; set; }
- }
-} \ No newline at end of file
diff --git a/Emby.Server.Implementations/HttpServer/SwaggerService.cs b/Emby.Server.Implementations/HttpServer/SwaggerService.cs
deleted file mode 100644
index d41946645..000000000
--- a/Emby.Server.Implementations/HttpServer/SwaggerService.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-using MediaBrowser.Controller;
-using MediaBrowser.Controller.Net;
-using System.IO;
-using MediaBrowser.Model.IO;
-using MediaBrowser.Model.Services;
-
-namespace Emby.Server.Implementations.HttpServer
-{
- public class SwaggerService : IService, IRequiresRequest
- {
- private readonly IServerApplicationPaths _appPaths;
- private readonly IFileSystem _fileSystem;
-
- public SwaggerService(IServerApplicationPaths appPaths, IFileSystem fileSystem, IHttpResultFactory resultFactory)
- {
- _appPaths = appPaths;
- _fileSystem = fileSystem;
- _resultFactory = resultFactory;
- }
-
- /// <summary>
- /// Gets the specified request.
- /// </summary>
- /// <param name="request">The request.</param>
- /// <returns>System.Object.</returns>
- public object Get(GetSwaggerResource request)
- {
- var swaggerDirectory = Path.Combine(_appPaths.ApplicationResourcesPath, "swagger-ui");
-
- var requestedFile = Path.Combine(swaggerDirectory, request.ResourceName.Replace('/', _fileSystem.DirectorySeparatorChar));
-
- return _resultFactory.GetStaticFileResult(Request, requestedFile).Result;
- }
-
- /// <summary>
- /// Gets or sets the result factory.
- /// </summary>
- /// <value>The result factory.</value>
- private readonly IHttpResultFactory _resultFactory;
-
- /// <summary>
- /// Gets or sets the request context.
- /// </summary>
- /// <value>The request context.</value>
- public IRequest Request { get; set; }
- }
-}