starred/jellyfin-jellyfin-1
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-12-22 00:35:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Validate requested user id (#8812)

Browse Source
This commit is contained in:
Cody Robibero
2023-02-17 15:16:08 -07:00
committed by GitHub
parent 9979b346ea
commit a527034ebe
24 changed files with 232 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Jellyfin.Api/Controllers/PlaylistsController.cs
View File

@@ -5,6 +5,7 @@ using System.Linq;
using System.Threading.Tasks;
using Jellyfin.Api.Attributes;
using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders;
using Jellyfin.Api.Models.PlaylistDtos;
using MediaBrowser.Controller.Dto;
@@ -81,11 +82,13 @@ public class PlaylistsController : BaseJellyfinApiController
ids = createPlaylistRequest?.Ids ?? Array.Empty<Guid>();
}
userId ??= createPlaylistRequest?.UserId ?? default;
userId = RequestHelpers.GetUserId(User, userId);
var result = await _playlistManager.CreatePlaylist(new PlaylistCreationRequest
{
Name = name ?? createPlaylistRequest?.Name,
ItemIdList = ids,
UserId = userId ?? createPlaylistRequest?.UserId ?? default,
UserId = userId.Value,
MediaType = mediaType ?? createPlaylistRequest?.MediaType
}).ConfigureAwait(false);
@@ -107,7 +110,8 @@ public class PlaylistsController : BaseJellyfinApiController
[FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids,
[FromQuery] Guid? userId)
{
await _playlistManager.AddToPlaylistAsync(playlistId, ids, userId ?? Guid.Empty).ConfigureAwait(false);
userId = RequestHelpers.GetUserId(User, userId);
await _playlistManager.AddToPlaylistAsync(playlistId, ids, userId.Value).ConfigureAwait(false);
return NoContent();
}