mirror of
https://github.com/advplyr/audiobookshelf.git
Compare commits
No commits in common. "22f6e86a12bd4a52f5cbddd76ea043cae3e3f3d0" and "7a33a412fca825b97dd6620726146544a8df058e" have entirely different histories.
22f6e86a12
...
7a33a412fc
2 changed files with 1 additions and 13 deletions
|
|
@ -108,13 +108,7 @@ class FileSystemController {
|
|||
return res.sendStatus(404)
|
||||
}
|
||||
|
||||
if (!req.user.checkCanAccessLibrary(libraryFolder.libraryId)) {
|
||||
Logger.error(`[FileSystemController] User "${req.user.username}" attempting to check path exists for library "${libraryFolder.libraryId}" without access`)
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
let filepath = Path.join(libraryFolder.path, directory)
|
||||
filepath = fileUtils.filePathToPOSIX(filepath)
|
||||
const filepath = Path.join(libraryFolder.path, directory)
|
||||
|
||||
// Ensure filepath is inside library folder (prevents directory traversal)
|
||||
if (!filepath.startsWith(libraryFolder.path)) {
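Review bot: Going by the hunk counts (13 old lines, 7 new), the new side of this hunk no longer has the `req.user.checkCanAccessLibrary(libraryFolder.libraryId)` guard, so unless an earlier check outside the hunk covers it, a logged-in user could query path existence under a library they were not granted. The MiscController hunk drops the same guard on `library.id` ahead of the folder lookup for uploads. Both handlers should keep the check and its 403, i.e. `if (!req.user.checkCanAccessLibrary(libraryFolder.libraryId)) return res.sendStatus(403)`, with the `Logger.error` line retained so denied attempts stay visible in logs. The containment test also needs attention: the new side skips `fileUtils.filePathToPOSIX(filepath)`, and a bare `filepath.startsWith(libraryFolder.path)` accepts a sibling directory that shares the prefix, so comparing against the folder path plus a trailing separator (or using `Path.relative` and rejecting results that begin with `..`) would be tighter. Both function bodies start and end outside the hunks shown.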
|
||||
|
|
|
|||
|
|
@ -59,12 +59,6 @@ class MiscController {
|
|||
if (!library) {
|
||||
return res.status(404).send('Library not found')
|
||||
}
|
||||
|
||||
if (!req.user.checkCanAccessLibrary(library.id)) {
|
||||
Logger.error(`[MiscController] User "${req.user.username}" attempting to upload to library "${library.id}" without access`)
|
||||
return res.sendStatus(403)
|
||||
}
|
||||
|
||||
const folder = library.libraryFolders.find((fold) => fold.id === folderId)
|
||||
if (!folder) {
|
||||
return res.status(404).send('Folder not found')
|
||||
|
|
|
|||