From 3ea6890c3463a987d6ad9fed46f743e45b1843a5 Mon Sep 17 00:00:00 2001
From: angelblue05 <angelblue.dev@gmail.com>
Date: Sun, 27 Jan 2019 14:49:35 -0600
Subject: [PATCH] Filter webservice requests

Only proceed if the id is a number.
---
 resources/lib/webservice.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/resources/lib/webservice.py b/resources/lib/webservice.py
index 5ef21824..34826af0 100644
--- a/resources/lib/webservice.py
+++ b/resources/lib/webservice.py
@@ -164,6 +164,10 @@ class StoppableHttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
         '''
         try:
             params = self.get_params()
+
+            if not params.get('Id').isdigit():
+                raise IndexError("Incorrect Id format: %s" % params.get('Id'))
+            
             LOG.info("Webservice called with params: %s", params)
 
             path = ("plugin://plugin.video.emby?mode=play&id=%s&dbid=%s&filename=%s&transcode=%s"
@@ -176,6 +180,10 @@ class StoppableHttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
 
             if not headers_only:
                 self.wfile.write(path)
+        except IndexError as error:
+
+            LOG.error(error)
+            self.send_error(403)
 
         except Exception as error: