github/plexpy
1
0
Fork 0
mirror of https://github.com/Tautulli/Tautulli.git synced 2025-07-14 01:02:59 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #345 from drzoidberg33/security-fixes

Browse source 
Security fixes
This commit is contained in:
drzoidberg33 2015-12-06 21:23:43 +02:00
commit 7546c7ef42
2 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
data/interfaces/default/notification_config.html
View file

@ -25,7 +25,7 @@ from plexpy import helpers
% endif
</div>
</div>
<p class="help-block">${item['description']}</p>
<p class="help-block">${item['description'] | n}</p>
</div>
% elif item['input_type'] == 'button':
<div class="form-group">
@ -34,14 +34,14 @@ from plexpy import helpers
<input type="${item['input_type']}" class="btn btn-bright" id="${item['name']}" name="${item['name']}" value="${item['value']}">
</div>
</div>
<p class="help-block">${item['description']}</p>
<p class="help-block">${item['description'] | n}</p>
</div>
% elif item['input_type'] == 'checkbox':
<div class="checkbox">
<label>
<input type="checkbox" data-id="${item['name']}" class="checkboxes" value="1" ${helpers.checked(item['value'])}> ${item['label']}
</label>
<p class="help-block">${item['description']}</p>
<p class="help-block">${item['description'] | n}</p>
<input type="hidden" id="${item['name']}" name="${item['name']}" value="${item['value']}">
</div>
% elif item['input_type'] == 'select':
@ -60,7 +60,7 @@ from plexpy import helpers
</select>
</div>
</div>
<p class="help-block">${item['description']}</p>
<p class="help-block">${item['description'] | n}</p>
</div>
% endif
% endfor

12
plexpy/plextv.py
View file

@ -342,13 +342,13 @@ class PlexTV(object):
rating_key = clean_uri.rpartition('%2F')[-1]
sync_details = {"device_name": device_name,
"platform": device_platform,
"username": device_username,
"friendly_name": device_friendly_name,
sync_details = {"device_name": helpers.sanitize(device_name),
"platform": helpers.sanitize(device_platform),
"username": helpers.sanitize(device_username),
"friendly_name": helpers.sanitize(device_friendly_name),
"user_id": device_user_id,
"root_title": sync_root_title,
"title": sync_title,
"root_title": helpers.sanitize(sync_root_title),
"title": helpers.sanitize(sync_title),
"metadata_type": sync_metadata_type,
"content_type": sync_content_type,
"rating_key": rating_key,