From b496ebc175d1c817e6cc3787155c5ee1086c073b Mon Sep 17 00:00:00 2001
From: gnattu <gnattu@users.noreply.github.com>
Date: Fri, 29 Mar 2024 03:57:55 +0800
Subject: [PATCH] fix: disable api endpoint for ffmpeg path for security
 (#11225)

Co-authored-by: Niels van Velzen <nielsvanvelzen@users.noreply.github.com>
---
 Jellyfin.Api/Controllers/ConfigurationController.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index 8db22f7ebe..abe8bec2db 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -125,12 +125,15 @@ public class ConfigurationController : BaseJellyfinApiController
     /// <param name="mediaEncoderPath">Media encoder path form body.</param>
     /// <response code="204">Media encoder path updated.</response>
     /// <returns>Status.</returns>
+    [Obsolete("This endpoint is obsolete.")]
+    [ApiExplorerSettings(IgnoreApi = true)]
     [HttpPost("MediaEncoder/Path")]
     [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     public ActionResult UpdateMediaEncoderPath([FromBody, Required] MediaEncoderPathDto mediaEncoderPath)
     {
-        _mediaEncoder.UpdateEncoderPath(mediaEncoderPath.Path, mediaEncoderPath.PathType);
+        // API ENDPOINT DISABLED (NOOP) FOR SECURITY PURPOSES
+        // _mediaEncoder.UpdateEncoderPath(mediaEncoderPath.Path, mediaEncoderPath.PathType);
         return NoContent();
     }
 }