Your ROOT_URL in app.ini is https://git.cloudchain.link/ but you are visiting https://dash.bss.nz/open-source-mirrors/jellyfin/commit/82ad2633fdfb1c37a158057c7935f83e1129eda7?style=split&whitespace=ignore-all You should set ROOT_URL correctly, otherwise the web may not work correctly.
open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request from GHSA-9p5f-5x8v-x65m

Browse Source 
Throw exception on path traversal in WriteDocumentAsync
pull/9716/head
Joshua M. Boniface 2 years ago committed by GitHub
parent d5a8419bc5 faac37bcf9
commit 82ad2633fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions

5
MediaBrowser.Controller/ClientEvent/ClientEventLogger.cs
Unescape View File

@ -23,6 +23,11 @@ namespace MediaBrowser.Controller.ClientEvent
{ {
var fileName = $"upload_{clientName}_{clientVersion}_{DateTime.UtcNow:yyyyMMddHHmmss}_{Guid.NewGuid():N}.log"; var fileName = $"upload_{clientName}_{clientVersion}_{DateTime.UtcNow:yyyyMMddHHmmss}_{Guid.NewGuid():N}.log";
var logFilePath = Path.Combine(_applicationPaths.LogDirectoryPath, fileName); var logFilePath = Path.Combine(_applicationPaths.LogDirectoryPath, fileName);
if (!Path.GetFullPath(logFilePath).StartsWith(_applicationPaths.LogDirectoryPath, StringComparison.Ordinal))
{
throw new ArgumentException("Path resolved to filename not in log directory");
}
await using var fileStream = new FileStream(logFilePath, FileMode.CreateNew, FileAccess.Write, FileShare.None); await using var fileStream = new FileStream(logFilePath, FileMode.CreateNew, FileAccess.Write, FileShare.None);
await fileContents.CopyToAsync(fileStream).ConfigureAwait(false); await fileContents.CopyToAsync(fileStream).ConfigureAwait(false);
return fileName; return fileName;

Write Preview
Loading…
Cancel
Save