Do more proper path validation for playlist generation
All checks were successful
Core Repos/ImageApi/pipeline/head This commit looks good
All checks were successful
Core Repos/ImageApi/pipeline/head This commit looks good
This commit is contained in:
Cameron Cordes
@@ -199,8 +199,8 @@ async fn stream_video(
|
||||
println!("Playlist: {}", playlist);
|
||||
|
||||
// Extract video playlist dir to dotenv
|
||||
if !playlist.starts_with("tmp") || playlist.contains("..") {
|
||||
HttpResponse::NotFound().finish()
|
||||
if !playlist.starts_with("tmp") && is_valid_path(playlist) != None {
|
||||
HttpResponse::BadRequest().finish()
|
||||
} else if let Ok(file) = NamedFile::open(playlist) {
|
||||
file.into_response(&request).unwrap()
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user