Merge pull request #1081 from JackDandy/feature/ChangeMoreSecurity

Change add xsrf protection support to media processing scripts.
JackDandy 2018-04-04 16:34:02 +01:00 committed by GitHub
commit 80bcee49bc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 2 deletions


@ -32,6 +32,7 @@
[develop changelog] [develop changelog]
* Change pick up the stragglers late to the more security party * Change pick up the stragglers late to the more security party
* Change remove redundant xsrf handling for POSTs that don't use web and API * Change remove redundant xsrf handling for POSTs that don't use web and API
* Change add xsrf protection support to media processing scripts
### 0.15.4 (2018-04-03 16:10:00 UTC) ### 0.15.4 (2018-04-03 16:10:00 UTC)


@ -485,7 +485,10 @@ def call_sickgear(nzb_name, dir_name, test=False):
s = requests.Session() s = requests.Session()
if username or password: if username or password:
login = '%s%s:%s%s/login' % (protocol, host, port, webroot) login = '%s%s:%s%s/login' % (protocol, host, port, webroot)
r = s.get(login)
login_params = {'username': username, 'password': password} login_params = {'username': username, 'password': password}
if 401 == r.status_code and r.cookies.get('_xsrf'):
login_params['_xsrf'] = r.cookies.get('_xsrf')
s.post(login, data=login_params, stream=True, verify=False) s.post(login, data=login_params, stream=True, verify=False)
r = s.get(url, auth=(username, password), params=params, stream=True, verify=False, timeout=900) r = s.get(url, auth=(username, password), params=params, stream=True, verify=False, timeout=900)
except (StandardError, Exception): except (StandardError, Exception):
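Review bot: The new `r = s.get(login)` in call_sickgear goes out with requests' defaults, so it verifies the TLS certificate and has no timeout, while the login POST right after it passes `verify=False` and the final GET passes `timeout=900`. On an HTTPS install with a self-signed certificate the token fetch would presumably raise before login is attempted, and a stalled server can hang the script at this call. Rather than copying `verify=False` onto one more request (the POST already sends the username and password without certificate validation), set the policy once on the session, e.g. `s.verify = <configured CA bundle or bool>`, and bound the fetch with something like `r = s.get(login, timeout=30)` (value constructed for illustration). The same applies to `r = sess.get(login_url)` in the processEpisode hunk. call_sickgear's body starts and ends outside the hunk.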


@ -132,7 +132,12 @@ def processEpisode(dir_to_process, org_NZB_name=None, status=None):
try: try:
sess = requests.Session() sess = requests.Session()
sess.post(login_url, data={'username': username, 'password': password}, stream=True, verify=False) if username or password:
r = sess.get(login_url)
login_params = {'username': username, 'password': password}
if 401 == r.status_code and r.cookies.get('_xsrf'):
login_params['_xsrf'] = r.cookies.get('_xsrf')
sess.post(login_url, data=login_params, stream=True, verify=False)
result = sess.get(url, params=params, stream=True, verify=False) result = sess.get(url, params=params, stream=True, verify=False)
if result.status_code == 401: if result.status_code == 401:
print('Verify and use correct username and password in autoProcessTV.cfg') print('Verify and use correct username and password in autoProcessTV.cfg')
@ -150,4 +155,4 @@ def processEpisode(dir_to_process, org_NZB_name=None, status=None):
if __name__ == '__main__': if __name__ == '__main__':
print ('This module is supposed to be used as import in other scripts and not run standalone.') print ('This module is supposed to be used as import in other scripts and not run standalone.')
print ('Use sabToSickBeard instead.') print ('Use sabToSickBeard instead.')
sys.exit(1) sys.exit(1)
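Review bot: Nothing in the first hunk of this file explains why a GET to `login_url` now precedes the login POST, or why the token is copied only when that GET answers 401. A comment above `r = sess.get(login_url)` such as `# fetch the login page first to pick up the _xsrf cookie, which is echoed back as a form field in the login POST` would make the handshake readable. If the 401 test is not actually required, binding the cookie once reads better and still sends the token when the page answers with another status: `xsrf = r.cookies.get('_xsrf')` followed by `if xsrf: login_params['_xsrf'] = xsrf`. The identical block in call_sickgear would take the same comment. processEpisode starts and ends outside the hunk.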