alteropen/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-06-12 10:40:24 +01:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Prevent directory browsing

Browse Source
This commit is contained in:
Luke Pulverenti
2015-05-13 00:16:55 -04:00
parent 1483c3f8fe
commit dca5101e46
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
MediaBrowser.WebDashboard/Api/PackageCreator.cs
View File

@@ -102,7 +102,17 @@ namespace MediaBrowser.WebDashboard.Api
/// <returns>System.String.</returns> /// <returns>System.String.</returns>
private string GetDashboardResourcePath(string virtualPath) private string GetDashboardResourcePath(string virtualPath)
{ {
return Path.Combine(DashboardUIPath, virtualPath.Replace('/', Path.DirectorySeparatorChar)); var rootPath = DashboardUIPath;
var fullPath = Path.Combine(rootPath, virtualPath.Replace('/', Path.DirectorySeparatorChar));
// Don't allow file system access outside of the source folder
if (!_fileSystem.ContainsSubPath(rootPath, fullPath))
{
throw new UnauthorizedAccessException();
}
return fullPath;
} }
/// <summary> /// <summary>