monkee.ch/SickGear
1
0
Fork 0
mirror of https://github.com/SickGear/SickGear.git synced 2025-01-07 10:33:38 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change add xsrf protection support to media processing scripts.

Browse source
This commit is contained in:
JackDandy 2018-04-04 15:31:21 +01:00
parent cd1adfdcc2
commit 91014078c0
3 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGES.md
View file

@ -32,6 +32,7 @@
[develop changelog] [develop changelog]
* Change pick up the stragglers late to the more security party * Change pick up the stragglers late to the more security party
* Change remove redundant xsrf handling for POSTs that don't use web and API * Change remove redundant xsrf handling for POSTs that don't use web and API
* Change add xsrf protection support to media processing scripts
### 0.15.4 (2018-04-03 16:10:00 UTC) ### 0.15.4 (2018-04-03 16:10:00 UTC)

3
autoProcessTV/SickGear-NG/SickGear-NG.py
View file

@ -485,7 +485,10 @@ def call_sickgear(nzb_name, dir_name, test=False):
s = requests.Session() s = requests.Session()
if username or password: if username or password:
login = '%s%s:%s%s/login' % (protocol, host, port, webroot) login = '%s%s:%s%s/login' % (protocol, host, port, webroot)
r = s.get(login)
login_params = {'username': username, 'password': password} login_params = {'username': username, 'password': password}
if 401 == r.status_code and r.cookies.get('_xsrf'):
login_params['_xsrf'] = r.cookies.get('_xsrf')
s.post(login, data=login_params, stream=True, verify=False) s.post(login, data=login_params, stream=True, verify=False)
r = s.get(url, auth=(username, password), params=params, stream=True, verify=False, timeout=900) r = s.get(url, auth=(username, password), params=params, stream=True, verify=False, timeout=900)
except (StandardError, Exception): except (StandardError, Exception):

9
autoProcessTV/autoProcessTV.py
View file

@ -132,7 +132,12 @@ def processEpisode(dir_to_process, org_NZB_name=None, status=None):
try: try:
sess = requests.Session() sess = requests.Session()
sess.post(login_url, data={'username': username, 'password': password}, stream=True, verify=False) if username or password:
r = sess.get(login_url)
login_params = {'username': username, 'password': password}
if 401 == r.status_code and r.cookies.get('_xsrf'):
login_params['_xsrf'] = r.cookies.get('_xsrf')
sess.post(login_url, data=login_params, stream=True, verify=False)
result = sess.get(url, params=params, stream=True, verify=False) result = sess.get(url, params=params, stream=True, verify=False)
if result.status_code == 401: if result.status_code == 401:
print('Verify and use correct username and password in autoProcessTV.cfg') print('Verify and use correct username and password in autoProcessTV.cfg')
@ -150,4 +155,4 @@ def processEpisode(dir_to_process, org_NZB_name=None, status=None):
if __name__ == '__main__': if __name__ == '__main__':
print ('This module is supposed to be used as import in other scripts and not run standalone.') print ('This module is supposed to be used as import in other scripts and not run standalone.')
print ('Use sabToSickBeard instead.') print ('Use sabToSickBeard instead.')
sys.exit(1) sys.exit(1)