[Android] Check log file path prior to download
Robert Stone
git at videolan.org
Thu Dec 5 09:16:49 UTC 2024
vlc-android | branch: master | Robert Stone <rhstone at gmail.com> | Sat Nov 30 21:57:46 2024 -0800| [58e500add5280b529850a94a0d9315ca837d6a3a] | committer: Nicolas Pomepuy
Check log file path prior to download
> https://code.videolan.org/videolan/vlc-android/commit/58e500add5280b529850a94a0d9315ca837d6a3a
---
.../java/org/videolan/vlc/webserver/RemoteAccessRouting.kt | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessRouting.kt b/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessRouting.kt
index e4ed22d30f..832def5b8b 100644
--- a/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessRouting.kt
+++ b/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessRouting.kt
@@ -236,7 +236,16 @@ fun Route.setupRouting(appContext: Context, scope: CoroutineScope) {
}
// Download a log file
get("/download-logfile") {
+ verifyLogin(settings)
+ if (!settings.getBoolean(REMOTE_ACCESS_LOGS, false)) {
+ call.respond(HttpStatusCode.Forbidden)
+ return at get
+ }
call.request.queryParameters["file"]?.let { filePath ->
+ if (getLogsFiles().none { it.path == filePath }) {
+ call.respond(HttpStatusCode.Forbidden)
+ return at get
+ }
val file = File(filePath)
if (file.exists()) {
call.response.header(HttpHeaders.ContentDisposition, ContentDisposition.Attachment.withParameter(ContentDisposition.Parameters.FileName, file.name).toString())
@@ -247,6 +256,7 @@ fun Route.setupRouting(appContext: Context, scope: CoroutineScope) {
}
// List all log files
get("/logfile-list") {
+ verifyLogin(settings)
if (!settings.getBoolean(REMOTE_ACCESS_LOGS, false)) {
call.respond(HttpStatusCode.Forbidden)
return at get
More information about the Android
mailing list