Fixed: Security Vulnerabilities allowing authentication to be bypass

Qstick 2017-12-13 21:46:44 -05:00
parent 4525f99370
commit 2ccc5af8d0
6 changed files with 116 additions and 37 deletions


@ -1,4 +1,4 @@
using System.IO;
using System.IO;
using NLog;
using NzbDrone.Common.Disk;
using NzbDrone.Common.EnvironmentInfo;
@ -28,13 +28,15 @@ namespace Lidarr.Http.Frontend.Mappers
public override bool CanHandle(string resourceUrl)
{
if (resourceUrl.StartsWith("/Content/Images/Icons/manifest") ||
resourceUrl.StartsWith("/Content/Images/Icons/browserconfig"))
resourceUrl = resourceUrl.ToLowerInvariant();
if (resourceUrl.StartsWith("/content/images/icons/manifest") ||
resourceUrl.StartsWith("/content/images/icons/browserconfig"))
{
return false;
}
return resourceUrl.StartsWith("/Content") ||
return resourceUrl.StartsWith("/content") ||
resourceUrl.EndsWith(".js") ||
resourceUrl.EndsWith(".map") ||
resourceUrl.EndsWith(".css") ||
@ -43,4 +45,4 @@ namespace Lidarr.Http.Frontend.Mappers
resourceUrl.EndsWith("oauth.html");
}
}
}
}
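Review bot: The prefix and suffix checks in CanHandle still call the single-argument `StartsWith`/`EndsWith`, which compare using the current culture rather than ordinally, so a URL that is not character-for-character equal to the literal can still match `/content` or miss the manifest/browserconfig exclusion. This method decides which requests the static-content mapper claims, and going by the commit title that decision appears to bear on authentication, so the match should be exact. I would drop the `resourceUrl = resourceUrl.ToLowerInvariant();` reassignment and state the comparison on each call, e.g. `resourceUrl.StartsWith("/content", StringComparison.OrdinalIgnoreCase)` and `resourceUrl.EndsWith(".js", StringComparison.OrdinalIgnoreCase)`. That needs `using System;` if the file does not already import it. Part of the `EndsWith` chain lies between the visible hunks, so the same change applies to lines not shown here.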