From ecd43f776a4892d7d0107589ac20f71bd73ace2e Mon Sep 17 00:00:00 2001
From: Cameron Cordes <cameronc.dev@gmail.com>
Date: Mon, 8 Feb 2021 18:38:30 -0500
Subject: [PATCH] Do more proper path validation for playlist generation

---
 src/main.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 10932db..e2e2b12 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -199,8 +199,8 @@ async fn stream_video(
     println!("Playlist: {}", playlist);
 
     // Extract video playlist dir to dotenv
-    if !playlist.starts_with("tmp") || playlist.contains("..") {
-        HttpResponse::NotFound().finish()
+    if !playlist.starts_with("tmp") && is_valid_path(playlist) != None {
+        HttpResponse::BadRequest().finish()
     } else if let Ok(file) = NamedFile::open(playlist) {
         file.into_response(&request).unwrap()
     } else {