API: Improve path and filename parameter sanitation #1814

Michael Mayer
2021-12-14 20:01:39 +01:00
parent cce371d35a
commit 0f0c0aaa0b
100 changed files with 683 additions and 452 deletions


@@ -7,18 +7,19 @@ import (
"strings"
"time"
"github.com/photoprism/photoprism/internal/query"
"github.com/gin-gonic/gin"
"github.com/photoprism/photoprism/internal/acl"
"github.com/photoprism/photoprism/internal/entity"
"github.com/photoprism/photoprism/internal/event"
"github.com/photoprism/photoprism/internal/form"
"github.com/photoprism/photoprism/internal/i18n"
"github.com/photoprism/photoprism/internal/photoprism"
"github.com/photoprism/photoprism/internal/query"
"github.com/photoprism/photoprism/internal/service"
"github.com/photoprism/photoprism/pkg/fs"
"github.com/photoprism/photoprism/pkg/txt"
"github.com/photoprism/photoprism/pkg/sanitize"
)
// StartImport imports media files from a directory and converts/indexes them as needed.
@@ -52,7 +53,7 @@ func StartImport(router *gin.RouterGroup) {
subPath := ""
path := conf.ImportPath()
if subPath = c.Param("path"); subPath != "" && subPath != "/" {
if subPath = sanitize.Path(c.Param("path")); subPath != "" && subPath != "/" {
subPath = strings.Replace(subPath, ".", "", -1)
path = filepath.Join(path, subPath)
} else if f.Path != "" {
@@ -69,15 +70,15 @@ func StartImport(router *gin.RouterGroup) {
var opt photoprism.ImportOptions
if f.Move {
event.InfoMsg(i18n.MsgMovingFilesFrom, txt.LogParam(filepath.Base(path)))
event.InfoMsg(i18n.MsgMovingFilesFrom, sanitize.Log(filepath.Base(path)))
opt = photoprism.ImportOptionsMove(path)
} else {
event.InfoMsg(i18n.MsgCopyingFilesFrom, txt.LogParam(filepath.Base(path)))
event.InfoMsg(i18n.MsgCopyingFilesFrom, sanitize.Log(filepath.Base(path)))
opt = photoprism.ImportOptionsCopy(path)
}
if len(f.Albums) > 0 {
log.Debugf("import: adding files to album %s", txt.LogParam(strings.Join(f.Albums, " and ")))
log.Debugf("import: adding files to album %s", sanitize.Log(strings.Join(f.Albums, " and ")))
opt.Albums = f.Albums
}
@@ -85,9 +86,9 @@ func StartImport(router *gin.RouterGroup) {
if subPath != "" && path != conf.ImportPath() && fs.IsEmpty(path) {
if err := os.Remove(path); err != nil {
log.Errorf("import: failed deleting empty folder %s: %s", txt.LogParam(path), err)
log.Errorf("import: failed deleting empty folder %s: %s", sanitize.Log(path), err)
} else {
log.Infof("import: deleted empty folder %s", txt.LogParam(path))
log.Infof("import: deleted empty folder %s", sanitize.Log(path))
}
}
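Review bot: In the `@@ -52,7 +53,7 @@` hunk the joined `path` is never checked to still lie under `conf.ImportPath()`; the handler relies entirely on `sanitize.Path` (its implementation is not shown on this page) plus stripping every "." from `subPath`, which also silently changes legitimate folder names such as `2021.12`. Because the same `path` later reaches `photoprism.ImportOptionsMove(path)` and `os.Remove(path)`, I would add an explicit containment check right after `filepath.Join`, e.g. `rel, err := filepath.Rel(conf.ImportPath(), path)` followed by `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { /* abort the request */ }`. The `else if f.Path != ""` branch continues outside the hunk, so whether the form-supplied path gets the same treatment cannot be confirmed from here. StartImport's body starts and ends outside the visible hunks.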