Merge pull request #343 from drzoidberg33/security-fixes

No need to sanitize same items more than once.

plexpy/datafactory.py

@@ -108,9 +108,6 @@ class DataFactory(object):
             # Rename Mystery platform names
             platform = common.PLATFORM_NAME_OVERRIDES.get(item["platform"], item["platform"])
 
-            # Sanitize player name
-            player = helpers.sanitize(item["player"])
-
             row = {"reference_id": item["reference_id"],
                    "id": item["id"],
                    "date": item["date"],
@@ -122,7 +119,7 @@ class DataFactory(object):
                    "user": item["user"],
                    "friendly_name": item["friendly_name"],
                    "platform": platform,
-                   "player": player,
+                   "player": item['player'],
                    "ip_address": item["ip_address"],
                    "media_type": item["media_type"],
                    "rating_key": item["rating_key"],
@@ -575,9 +572,6 @@ class DataFactory(object):
                     else:
                         thumb = item['grandparent_thumb']
 
-                    # Sanitize player name
-                    player = helpers.sanitize(item["player"])
-
                     row = {'row_id': item['id'],
                            'user': item['user'],
                            'friendly_name': item['friendly_name'],
@@ -588,7 +582,7 @@ class DataFactory(object):
                            'thumb': thumb,
                            'grandparent_thumb': item['grandparent_thumb'],
                            'last_watch': item['last_watch'],
-                           'player': player,
+                           'player': item['player']
                            }
                     last_watched.append(row)
 

plexpy/users.py

@@ -89,16 +89,13 @@ class Users(object):
             # Rename Mystery platform names
             platform = common.PLATFORM_NAME_OVERRIDES.get(item["platform"], item["platform"])
 
-            # Sanitize player name
-            player = helpers.sanitize(item["player"])
-
             row = {"id": item['id'],
                    "plays": item['plays'],
                    "last_seen": item['last_seen'],
                    "friendly_name": item['friendly_name'],
                    "ip_address": item['ip_address'],
                    "platform": platform,
-                   "player": player,
+                   "player": item["player"],
                    "last_watched": item['last_watched'],
                    "thumb": thumb,
                    "media_type": item['media_type'],
@@ -183,15 +180,12 @@ class Users(object):
             # Rename Mystery platform names
             platform = common.PLATFORM_NAME_OVERRIDES.get(item["platform"], item["platform"])
 
-            # Sanitize player name
-            player = helpers.sanitize(item["player"])
-
             row = {"id": item['id'],
                    "last_seen": item['last_seen'],
                    "ip_address": item['ip_address'],
                    "play_count": item['play_count'],
                    "platform": platform,
-                   "player": player,
+                   "player": item['player'],
                    "last_watched": item['last_watched'],
                    "thumb": thumb,
                    "media_type": item['media_type'],

plexpy/webserve.py

@@ -735,8 +735,6 @@ class WebInterface(object):
                 if not session['ip_address']:
                     ip_address = data_factory.get_session_ip(session['session_key'])
                     session['ip_address'] = ip_address
-                # Sanitize player name
-                session['player'] = helpers.sanitize(session['player'])
 
         except:
             return serve_template(templatename="current_activity.html", data=None)