|
|
@ -13,7 +13,7 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
{
|
|
|
|
{
|
|
|
|
internal static string GetParameter(string header, string attr)
|
|
|
|
internal static string GetParameter(string header, string attr)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
int ap = header.IndexOf(attr);
|
|
|
|
int ap = header.IndexOf(attr, StringComparison.Ordinal);
|
|
|
|
if (ap == -1)
|
|
|
|
if (ap == -1)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
return null;
|
|
|
|
return null;
|
|
|
@ -140,8 +140,12 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
v = v.Substring(0, 16) + "...\"";
|
|
|
|
v = v.Substring(0, 16) + "...\"";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
string msg = string.Format("A potentially dangerous Request.{0} value was " +
|
|
|
|
string msg = string.Format(
|
|
|
|
"detected from the client ({1}={2}).", name, key, v);
|
|
|
|
CultureInfo.InvariantCulture,
|
|
|
|
|
|
|
|
"A potentially dangerous Request.{0} value was detected from the client ({1}={2}).",
|
|
|
|
|
|
|
|
name,
|
|
|
|
|
|
|
|
key,
|
|
|
|
|
|
|
|
v);
|
|
|
|
|
|
|
|
|
|
|
|
throw new Exception(msg);
|
|
|
|
throw new Exception(msg);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -258,6 +262,7 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
value.Append((char)c);
|
|
|
|
value.Append((char)c);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (c == -1)
|
|
|
|
if (c == -1)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
AddRawKeyValue(form, key, value);
|
|
|
|
AddRawKeyValue(form, key, value);
|
|
|
@ -273,6 +278,7 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
key.Append((char)c);
|
|
|
|
key.Append((char)c);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (c == -1)
|
|
|
|
if (c == -1)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
AddRawKeyValue(form, key, value);
|
|
|
|
AddRawKeyValue(form, key, value);
|
|
|
@ -310,6 +316,7 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
result.Append(key);
|
|
|
|
result.Append(key);
|
|
|
|
result.Append('=');
|
|
|
|
result.Append('=');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
result.Append(pair.Value);
|
|
|
|
result.Append(pair.Value);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -493,11 +500,6 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
public Stream InputStream => stream;
|
|
|
|
public Stream InputStream => stream;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private class Helpers
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
public static readonly CultureInfo InvariantCulture = CultureInfo.InvariantCulture;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
internal static class StrUtils
|
|
|
|
internal static class StrUtils
|
|
|
|
{
|
|
|
|
{
|
|
|
|
public static bool StartsWith(string str1, string str2, bool ignore_case)
|
|
|
|
public static bool StartsWith(string str1, string str2, bool ignore_case)
|
|
|
@ -535,12 +537,17 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
|
|
|
|
|
|
|
|
public class Element
|
|
|
|
public class Element
|
|
|
|
{
|
|
|
|
{
|
|
|
|
public string ContentType;
|
|
|
|
public string ContentType { get; set; }
|
|
|
|
public string Name;
|
|
|
|
|
|
|
|
public string Filename;
|
|
|
|
public string Name { get; set; }
|
|
|
|
public Encoding Encoding;
|
|
|
|
|
|
|
|
public long Start;
|
|
|
|
public string Filename { get; set; }
|
|
|
|
public long Length;
|
|
|
|
|
|
|
|
|
|
|
|
public Encoding Encoding { get; set; }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public long Start { get; set; }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public long Length { get; set; }
|
|
|
|
|
|
|
|
|
|
|
|
public override string ToString()
|
|
|
|
public override string ToString()
|
|
|
|
{
|
|
|
|
{
|
|
|
@ -597,6 +604,7 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
{
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
got_cr = b == CR;
|
|
|
|
got_cr = b == CR;
|
|
|
|
sb.Append((char)b);
|
|
|
|
sb.Append((char)b);
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -797,6 +805,7 @@ namespace Jellyfin.Server.SocketSharp
|
|
|
|
c = data.ReadByte();
|
|
|
|
c = data.ReadByte();
|
|
|
|
continue;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
data.Position = retval + 2;
|
|
|
|
data.Position = retval + 2;
|
|
|
|
if (got_cr)
|
|
|
|
if (got_cr)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
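Review bot: In the hunk at `-140,8 +140,12` the reformatted `string.Format` call still ends in `throw new Exception(msg);`, so a rejected request value surfaces as a bare `Exception` that callers cannot tell apart from an internal fault. The message also embeds the client-supplied `key` and `v`, and only `v` is visibly truncated (to 16 characters) here. Whether `key` is length-bounded or stripped of CR/LF is not shown, so if the message reaches a log line or an error response it may carry text chosen by the client. Consider throwing a dedicated exception type that the HTTP layer can map to a 400 response, and passing `key` and `v` to the logger as structured fields rather than formatting them into the message. The enclosing method begins outside the hunk, so any upstream sanitising of `key` could not be checked from here.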