starred/jellyfin-jellyfin-1
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-12-16 22:13:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

Validate requested user id (#8812)

Browse Source
This commit is contained in:
Cody Robibero
2023-02-17 15:16:08 -07:00
committed by GitHub
parent 9979b346ea
commit a527034ebe
24 changed files with 232 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Jellyfin.Api/Controllers/ArtistsController.cs
View File

@@ -118,6 +118,7 @@ public class ArtistsController : BaseJellyfinApiController
[FromQuery] bool? enableImages = true,
[FromQuery] bool enableTotalRecordCount = true)
{
userId = RequestHelpers.GetUserId(User, userId);
var dtoOptions = new DtoOptions { Fields = fields }
.AddClientFields(User)
.AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -125,7 +126,7 @@ public class ArtistsController : BaseJellyfinApiController
User? user = null;
BaseItem parentItem = _libraryManager.GetParentItem(parentId, userId);
if (userId.HasValue && !userId.Equals(default))
if (!userId.Value.Equals(default))
{
user = _userManager.GetUserById(userId.Value);
}
@@ -321,6 +322,7 @@ public class ArtistsController : BaseJellyfinApiController
[FromQuery] bool? enableImages = true,
[FromQuery] bool enableTotalRecordCount = true)
{
userId = RequestHelpers.GetUserId(User, userId);
var dtoOptions = new DtoOptions { Fields = fields }
.AddClientFields(User)
.AddAdditionalDtoOptions(enableImages, enableUserData, imageTypeLimit, enableImageTypes);
@@ -328,7 +330,7 @@ public class ArtistsController : BaseJellyfinApiController
User? user = null;
BaseItem parentItem = _libraryManager.GetParentItem(parentId, userId);
if (userId.HasValue && !userId.Equals(default))
if (!userId.Value.Equals(default))
{
user = _userManager.GetUserById(userId.Value);
}
@@ -462,11 +464,12 @@ public class ArtistsController : BaseJellyfinApiController
[ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<BaseItemDto> GetArtistByName([FromRoute, Required] string name, [FromQuery] Guid? userId)
{
userId = RequestHelpers.GetUserId(User, userId);
var dtoOptions = new DtoOptions().AddClientFields(User);
var item = _libraryManager.GetArtist(name, dtoOptions);
if (userId.HasValue && !userId.Value.Equals(default))
if (!userId.Value.Equals(default))
{
var user = _userManager.GetUserById(userId.Value);