mirror of
https://github.com/SickGear/SickGear.git
synced 2025-01-23 09:53:36 +00:00
Merge pull request #1081 from JackDandy/feature/ChangeMoreSecurity
Change add xsrf protection support to media processing scripts.
This commit is contained in:
commit
80bcee49bc
3 changed files with 11 additions and 2 deletions
|
@ -32,6 +32,7 @@
|
||||||
[develop changelog]
|
[develop changelog]
|
||||||
* Change pick up the stragglers late to the more security party
|
* Change pick up the stragglers late to the more security party
|
||||||
* Change remove redundant xsrf handling for POSTs that don't use web and API
|
* Change remove redundant xsrf handling for POSTs that don't use web and API
|
||||||
|
* Change add xsrf protection support to media processing scripts
|
||||||
|
|
||||||
|
|
||||||
### 0.15.4 (2018-04-03 16:10:00 UTC)
|
### 0.15.4 (2018-04-03 16:10:00 UTC)
|
||||||
|
|
|
@ -485,7 +485,10 @@ def call_sickgear(nzb_name, dir_name, test=False):
|
||||||
s = requests.Session()
|
s = requests.Session()
|
||||||
if username or password:
|
if username or password:
|
||||||
login = '%s%s:%s%s/login' % (protocol, host, port, webroot)
|
login = '%s%s:%s%s/login' % (protocol, host, port, webroot)
|
||||||
|
r = s.get(login)
|
||||||
login_params = {'username': username, 'password': password}
|
login_params = {'username': username, 'password': password}
|
||||||
|
if 401 == r.status_code and r.cookies.get('_xsrf'):
|
||||||
|
login_params['_xsrf'] = r.cookies.get('_xsrf')
|
||||||
s.post(login, data=login_params, stream=True, verify=False)
|
s.post(login, data=login_params, stream=True, verify=False)
|
||||||
r = s.get(url, auth=(username, password), params=params, stream=True, verify=False, timeout=900)
|
r = s.get(url, auth=(username, password), params=params, stream=True, verify=False, timeout=900)
|
||||||
except (StandardError, Exception):
|
except (StandardError, Exception):
|
||||||
|
|
|
@ -132,7 +132,12 @@ def processEpisode(dir_to_process, org_NZB_name=None, status=None):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
sess = requests.Session()
|
sess = requests.Session()
|
||||||
sess.post(login_url, data={'username': username, 'password': password}, stream=True, verify=False)
|
if username or password:
|
||||||
|
r = sess.get(login_url)
|
||||||
|
login_params = {'username': username, 'password': password}
|
||||||
|
if 401 == r.status_code and r.cookies.get('_xsrf'):
|
||||||
|
login_params['_xsrf'] = r.cookies.get('_xsrf')
|
||||||
|
sess.post(login_url, data=login_params, stream=True, verify=False)
|
||||||
result = sess.get(url, params=params, stream=True, verify=False)
|
result = sess.get(url, params=params, stream=True, verify=False)
|
||||||
if result.status_code == 401:
|
if result.status_code == 401:
|
||||||
print('Verify and use correct username and password in autoProcessTV.cfg')
|
print('Verify and use correct username and password in autoProcessTV.cfg')
|
||||||
|
|
Loading…
Reference in a new issue