Jellyfin
/
jellyfin-kodi
mirror of https://github.com/jellyfin/jellyfin-kodi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Filter webservice requests 

Only proceed if the id is a number.
This commit is contained in:
angelblue05 2019-01-27 14:49:35 -06:00
parent e5aea3fbdc
commit 3ea6890c34
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
resources/lib/webservice.py
View File

@ -164,6 +164,10 @@ class StoppableHttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
''' '''
try: try:
params = self.get_params() params = self.get_params()
if not params.get('Id').isdigit():
raise IndexError("Incorrect Id format: %s" % params.get('Id'))
LOG.info("Webservice called with params: %s", params) LOG.info("Webservice called with params: %s", params)
path = ("plugin://plugin.video.emby?mode=play&id=%s&dbid=%s&filename=%s&transcode=%s" path = ("plugin://plugin.video.emby?mode=play&id=%s&dbid=%s&filename=%s&transcode=%s"
@ -176,6 +180,10 @@ class StoppableHttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
if not headers_only: if not headers_only:
self.wfile.write(path) self.wfile.write(path)
except IndexError as error:
LOG.error(error)
self.send_error(403)
except Exception as error: except Exception as error: