Do more proper path validation for playlist generation
All checks were successful
Core Repos/ImageApi/pipeline/head This commit looks good
All checks were successful
Core Repos/ImageApi/pipeline/head This commit looks good
This commit is contained in:
Cameron Cordes
@@ -199,8 +199,8 @@ async fn stream_video(
|
|||||||
println!("Playlist: {}", playlist);
|
println!("Playlist: {}", playlist);
|
||||||
|
|
||||||
// Extract video playlist dir to dotenv
|
// Extract video playlist dir to dotenv
|
||||||
if !playlist.starts_with("tmp") || playlist.contains("..") {
|
if !playlist.starts_with("tmp") && is_valid_path(playlist) != None {
|
||||||
HttpResponse::NotFound().finish()
|
HttpResponse::BadRequest().finish()
|
||||||
} else if let Ok(file) = NamedFile::open(playlist) {
|
} else if let Ok(file) = NamedFile::open(playlist) {
|
||||||
file.into_response(&request).unwrap()
|
file.into_response(&request).unwrap()
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
Reference in New Issue
Block a user