groove/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-03-06 07:59:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge 397613795f into 1d0b7e383a

Browse source
This commit is contained in:
Scott A Miller-Tatasciore 2026-02-25 02:55:11 +01:00 committed by GitHub
commit f37944b761
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 27 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/controllers/FileSystemController.js
View file

@ -88,7 +88,7 @@ class FileSystemController {
return res.sendStatus(403)
}
const { directory, folderPath } = req.body
const { folderPath, directory, fileName } = req.body
if (!directory?.length || typeof directory !== 'string' || !folderPath?.length || typeof folderPath !== 'string') {
Logger.error(`[FileSystemController] Invalid request body: ${JSON.stringify(req.body)}`)
return res.status(400).json({
@ -113,7 +113,7 @@ class FileSystemController {
return res.sendStatus(403)
}
let filepath = Path.join(libraryFolder.path, directory)
let filepath = Path.join(libraryFolder.path, directory, fileName)
filepath = fileUtils.filePathToPOSIX(filepath)
// Ensure filepath is inside library folder (prevents directory traversal)