Validate requested user id (#8812)

2025-12-20 15:55:25 +03:00 · 2023-02-17 15:16:08 -07:00
parent 9979b346ea
commit a527034ebe
24 changed files with 232 additions and 70 deletions
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,5 +1,7 @@
 using System;
 using System.Linq;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Dto;
@@ -51,7 +53,8 @@ public class FilterController : BaseJellyfinApiController
        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] BaseItemKind[] includeItemTypes,
        [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] mediaTypes)
    {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
            ? null
            : _userManager.GetUserById(userId.Value);

@@ -143,7 +146,8 @@ public class FilterController : BaseJellyfinApiController
        [FromQuery] bool? isSeries,
        [FromQuery] bool? recursive)
    {
-        var user = userId is null || userId.Value.Equals(default)
+        userId = RequestHelpers.GetUserId(User, userId);
+        var user = userId.Value.Equals(default)
            ? null
            : _userManager.GetUserById(userId.Value);