alteropen/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-04-10 04:12:10 +01:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

Browse Source
This commit is contained in:
Luke Pulverenti
2014-07-02 00:57:18 -04:00
parent 3bef6ead9c
commit 389390b82e
39 changed files with 587 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
MediaBrowser.Api/UserLibrary/UserLibraryService.cs
View File

@@ -791,7 +791,7 @@ namespace MediaBrowser.Api.UserLibrary
datePlayed = DateTime.ParseExact(request.DatePlayed, "yyyyMMddHHmmss", CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal);
}
var session = GetSession(_sessionManager);
var session = GetSession();
var dto = await UpdatePlayedStatus(user, request.Id, true, datePlayed).ConfigureAwait(false);
@@ -826,7 +826,7 @@ namespace MediaBrowser.Api.UserLibrary
public void Post(ReportPlaybackStart request)
{
request.SessionId = GetSession(_sessionManager).Id;
request.SessionId = GetSession().Id;
var task = _sessionManager.OnPlaybackStart(request);
@@ -854,7 +854,7 @@ namespace MediaBrowser.Api.UserLibrary
public void Post(ReportPlaybackProgress request)
{
request.SessionId = GetSession(_sessionManager).Id;
request.SessionId = GetSession().Id;
var task = _sessionManager.OnPlaybackProgress(request);
@@ -877,7 +877,7 @@ namespace MediaBrowser.Api.UserLibrary
public void Post(ReportPlaybackStopped request)
{
request.SessionId = GetSession(_sessionManager).Id;
request.SessionId = GetSession().Id;
var task = _sessionManager.OnPlaybackStopped(request);
@@ -899,7 +899,7 @@ namespace MediaBrowser.Api.UserLibrary
{
var user = _userManager.GetUserById(request.UserId);
var session = GetSession(_sessionManager);
var session = GetSession();
var dto = await UpdatePlayedStatus(user, request.Id, false, null).ConfigureAwait(false);