Change validate get_image path

Prinz23 2024-12-18 23:07:36 +01:00 committed by JackDandy
parent 20f41644cf
commit acf6760dd1
3 changed files with 25 additions and 3 deletions


@ -1,4 +1,10 @@
### 3.32.13 (2024-12-11 02:15:00 UTC) ### 3.32.14 (2024-12-19 01:45:00 UTC)
* Change validate get_image path
* Change remove Python 3.8 and add Python 3.13 to Gitlab and Github CI tests
### 3.32.13 (2024-12-11 02:15:00 UTC)
* Fix ignore empty SEASON_RESULT entries * Fix ignore empty SEASON_RESULT entries
* Change add support for Python 3.9.21, 3.10.16, 3.11.11, 3.12.8 * Change add support for Python 3.9.21, 3.10.16, 3.11.11, 3.12.8


@ -25,6 +25,7 @@ import socket
import time import time
import uuid import uuid
import sys import sys
from pathlib import Path
import sickgear import sickgear
from . import db, logger, notifiers from . import db, logger, notifiers
@ -177,6 +178,19 @@ def has_image_ext(filename):
pass pass
return False return False
def is_sickgear_dir(path):
# type: (str) -> bool
"""
validate that a path is a sickgear subpath
:param path: path to check
"""
path = Path(os.path.realpath(os.path.abspath(path)))
sickgear_path = Path(sickgear.PROG_DIR)
sickgear_data_path = Path(sickgear.DATA_DIR)
if sickgear_data_path in path.parents or sickgear_path in path.parents:
return True
return False
def is_first_rar_volume(filename): def is_first_rar_volume(filename):
""" """

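Review bot: In `is_sickgear_dir` the candidate path is canonicalised with `os.path.realpath`, but `sickgear.PROG_DIR` and `sickgear.DATA_DIR` are wrapped in `Path(...)` as they are, so the `in path.parents` test compares a resolved path against bases that may not be resolved. If either directory is reached through a symlink or stored in a non-normalised form (not visible in this section), every file under it would be rejected; that fails closed, but it would be hard to diagnose. Resolving the bases the same way keeps the comparison like-for-like: `sickgear_data_path = Path(os.path.realpath(sickgear.DATA_DIR))`, and likewise for `PROG_DIR`. The docstring could also say that symlinks are followed before the check and that the two base directories themselves return False, since `parents` never contains the path itself.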

@ -55,7 +55,8 @@ from .anime import AniGroupList, pull_anidb_groups, short_group_names
from .browser import folders_at_path from .browser import folders_at_path
from .common import ARCHIVED, DOWNLOADED, FAILED, IGNORED, SKIPPED, SNATCHED, SNATCHED_ANY, UNAIRED, UNKNOWN, WANTED, \ from .common import ARCHIVED, DOWNLOADED, FAILED, IGNORED, SKIPPED, SNATCHED, SNATCHED_ANY, UNAIRED, UNKNOWN, WANTED, \
SD, HD720p, HD1080p, UHD2160p, Overview, Quality, qualityPresetStrings, statusStrings SD, HD720p, HD1080p, UHD2160p, Overview, Quality, qualityPresetStrings, statusStrings
from .helpers import get_media_stats, has_image_ext, real_path, remove_article, remove_file_perm, starify from .helpers import (get_media_stats, has_image_ext, is_sickgear_dir, real_path, remove_article, remove_file_perm,
starify)
from .indexermapper import MapStatus, map_indexers_to_show, save_mapping from .indexermapper import MapStatus, map_indexers_to_show, save_mapping
from .indexers.indexer_config import TVINFO_IMDB, TVINFO_TMDB, TVINFO_TRAKT, TVINFO_TVDB, TVINFO_TVMAZE, \ from .indexers.indexer_config import TVINFO_IMDB, TVINFO_TMDB, TVINFO_TRAKT, TVINFO_TVDB, TVINFO_TVMAZE, \
TVINFO_TRAKT_SLUG, TVINFO_TVDB_SLUG TVINFO_TRAKT_SLUG, TVINFO_TVDB_SLUG
@ -332,11 +333,12 @@ class BaseHandler(RouteHandler):
return True return True
def get_image(self, image): def get_image(self, image):
if os.path.isfile(image): if None is re.search(r'\.\.[\\/]', image) and has_image_ext(image) and os.path.isfile(image) and is_sickgear_dir(image):
mime_type, encoding = MimeTypes().guess_type(image) mime_type, encoding = MimeTypes().guess_type(image)
self.set_header('Content-Type', mime_type) self.set_header('Content-Type', mime_type)
with open(image, 'rb') as img: with open(image, 'rb') as img:
return img.read() return img.read()
return self.set_status(404)
def show_poster(self, tvid_prodid=None, which=None, api=None): def show_poster(self, tvid_prodid=None, which=None, api=None):
# Redirect initial poster/banner thumb to default images # Redirect initial poster/banner thumb to default images
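Review bot: `get_image` validates one path and opens another: `is_sickgear_dir(image)` computes the symlink-resolved location and discards it, and `open(image, 'rb')` then resolves the original string again. A symlink or path component that changes between the check and the open would therefore not be covered by the containment test. Resolving once and using that value for both steps closes the gap, e.g. `resolved = os.path.realpath(image)`, then `is_sickgear_dir(resolved)` and `open(resolved, 'rb')`. Separately, `MimeTypes().guess_type` can return `None` for the type, and whether `has_image_ext` (defined outside this section) admits only extensions that map to a type is not visible here, so a fallback such as `mime_type or 'application/octet-stream'` before `set_header` would be safer.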