Skip to content

Commit 6c57ba0

Browse files
Kwstubbsda3dsoul
andauthored
Merge pull request from GHSA-mwcv-ghjq-8f2g
* Fix arbitrary file read WithPath endpoint * Remove WithPath Endpoint from APIv1 It's unnecessary and a security issue --------- Co-authored-by: da3dsoul <da3dsoul@gmail.com>
1 parent 3ac5021 commit 6c57ba0

File tree

1 file changed

+0
-13
lines changed

1 file changed

+0
-13
lines changed

Diff for: Shoko.Server/API/v1/Implementations/ShokoServiceImplementationImage.cs

-13
Original file line numberDiff line numberDiff line change
@@ -39,19 +39,6 @@ public object GetImage(int imageid, int imageType, bool? thumnbnailOnly = false)
3939
return System.IO.File.OpenRead(path);
4040
}
4141

42-
[HttpGet("WithPath/{serverImagePath}")]
43-
public object GetImageUsingPath(string serverImagePath)
44-
{
45-
if (!System.IO.File.Exists(serverImagePath))
46-
{
47-
logger.Trace("Could not find AniDB_Cover image: {0}", serverImagePath);
48-
return NotFound();
49-
}
50-
51-
Response.ContentType = Mime.GetMimeMapping(serverImagePath);
52-
return System.IO.File.OpenRead(serverImagePath);
53-
}
54-
5542
[HttpGet("Blank")]
5643
public object BlankImage()
5744
{

0 commit comments

Comments
 (0)