beets/beetsplug
Adrian Sampson 1fad3d01ae
aura: Sanitize filenames in image IDs
When constructing paths to image files to serve, we previously spliced
strings from URL requests directly into the path to be opened. This is
theoretically worrisome because it could allow clients to read other
files that they are not supposed to read.

I'm not actually sure this is a real security problem because Flask's
URL parsing should probably rule out IDs that have `/` in them anyway.
But out of an abundance of caution, this now prevents paths from showing
up in IDs at all---and also prevents `.` and `..` from being valid
names.
2021-11-26 15:35:07 -05:00
bpd Remove unused imports 2021-08-26 20:59:48 +10:00
lastgenre Remove unused imports 2021-08-26 20:59:48 +10:00
metasync Remove unused imports 2021-08-26 20:59:48 +10:00
web pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
__init__.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
absubmit.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
acousticbrainz.py Remove unused imports 2021-08-26 20:59:48 +10:00
albumtypes.py Fix up invalid master merges 2021-09-26 17:33:15 +10:00
aura.py aura: Sanitize filenames in image IDs 2021-11-26 15:35:07 -05:00
badfiles.py Remove unused imports 2021-08-26 20:59:48 +10:00
bareasc.py Remove unused imports 2021-08-26 20:59:48 +10:00
beatport.py Remove unused imports 2021-08-26 20:59:48 +10:00
bench.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
bpm.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
bpsync.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
bucket.py Remove unused imports 2021-08-26 20:59:48 +10:00
chroma.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
convert.py Remove unused imports 2021-08-26 20:59:48 +10:00
deezer.py Remove unused imports 2021-08-26 20:59:48 +10:00
discogs.py Remove unused imports 2021-08-26 20:59:48 +10:00
duplicates.py Remove unused imports 2021-08-26 20:59:48 +10:00
edit.py Remove unused imports 2021-08-26 20:59:48 +10:00
embedart.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
embyupdate.py Remove unused imports 2021-08-26 20:59:48 +10:00
export.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
fetchart.py Remove as many as possible sys.version tests 2021-08-27 10:24:27 +10:00
filefilter.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
fish.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
freedesktop.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
fromfilename.py Remove unused imports 2021-08-26 20:59:48 +10:00
ftintitle.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
fuzzy.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
gmusic.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
hook.py Remove unused imports 2021-08-26 20:59:48 +10:00
ihate.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
importadded.py Remove unused imports 2021-08-26 20:59:48 +10:00
importfeeds.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
info.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
inline.py Remove unused imports 2021-08-26 20:59:48 +10:00
ipfs.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
keyfinder.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
kodiupdate.py Remove unused imports 2021-08-26 20:59:48 +10:00
lastimport.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
loadext.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
lyrics.py Missed a few unicode strings 2021-09-26 16:51:01 +10:00
mbcollection.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
mbsubmit.py Remove unused imports 2021-08-26 20:59:48 +10:00
mbsync.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
missing.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
mpdstats.py Address feedback from @sampsyo 2021-09-28 18:05:44 +10:00
mpdupdate.py Remove unused imports 2021-08-26 20:59:48 +10:00
parentwork.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
permissions.py Commit #4036 2021-09-26 16:41:13 +10:00
play.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
playlist.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
plexupdate.py Remove unused imports 2021-08-26 20:59:48 +10:00
random.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
replaygain.py Remove unused imports 2021-08-26 20:59:48 +10:00
rewrite.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
scrub.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
smartplaylist.py Remove unused imports 2021-08-26 20:59:48 +10:00
sonosupdate.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
spotify.py Remove unused imports 2021-08-26 20:59:48 +10:00
subsonicplaylist.py Remove unused imports 2021-08-26 20:59:48 +10:00
subsonicupdate.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
the.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
thumbnails.py Remove unused imports 2021-08-26 20:59:48 +10:00
types.py pyupgrade beetsplug and tests 2021-08-26 19:12:51 +10:00
unimported.py Remove unused imports 2021-08-26 20:59:48 +10:00
zero.py Remove unused imports 2021-08-26 20:59:48 +10:00