From b47ccd06f937ac716d344bcdeca6987cae530195 Mon Sep 17 00:00:00 2001 From: Jonathan Wong Date: Sat, 5 Dec 2015 23:26:54 -0800 Subject: [PATCH] Sanitize player name --- data/interfaces/default/home_stats.html | 6 +++--- plexpy/datafactory.py | 12 +++++++++--- plexpy/helpers.py | 6 ++++++ plexpy/users.py | 15 ++++++++++++--- plexpy/webserve.py | 10 +++++----- 5 files changed, 35 insertions(+), 14 deletions(-) diff --git a/data/interfaces/default/home_stats.html b/data/interfaces/default/home_stats.html index 10832c41..e3773f3f 100644 --- a/data/interfaces/default/home_stats.html +++ b/data/interfaces/default/home_stats.html @@ -39,7 +39,7 @@ user_id Returns the user id for the associated stat. friendly_name Returns the friendly name of the user for the associated stat. == Only if 'stat_id' is 'top_platform' or 'last_watched' == -platform_type Returns the platform name for the associated stat. +player Returns the player name for the associated stat. == Only if 'stat_id' is 'last_watched' == last_watch Returns the time the media item was last watched. @@ -709,7 +709,7 @@ DOCUMENTATION :: END - - ${top_stat['rows'][0]['platform_type']} + - ${top_stat['rows'][0]['player']}

@@ -755,7 +755,7 @@ DOCUMENTATION :: END - - ${top_stat['rows'][loop.index]['platform_type']} + - ${top_stat['rows'][loop.index]['player']}

diff --git a/plexpy/datafactory.py b/plexpy/datafactory.py index 544df9f7..ca218bf3 100644 --- a/plexpy/datafactory.py +++ b/plexpy/datafactory.py @@ -108,6 +108,9 @@ class DataFactory(object): # Rename Mystery platform names platform = common.PLATFORM_NAME_OVERRIDES.get(item["platform"], item["platform"]) + # Sanitize player name + player = helpers.sanitize(item["player"]) + row = {"reference_id": item["reference_id"], "id": item["id"], "date": item["date"], @@ -119,7 +122,7 @@ class DataFactory(object): "user": item["user"], "friendly_name": item["friendly_name"], "platform": platform, - "player": item["player"], + "player": player, "ip_address": item["ip_address"], "media_type": item["media_type"], "rating_key": item["rating_key"], @@ -545,7 +548,7 @@ class DataFactory(object): 'session_history_metadata.thumb, ' \ 'session_history_metadata.grandparent_thumb, ' \ 'MAX(session_history.started) as last_watch, ' \ - 'session_history.player as platform, ' \ + 'session_history.player, ' \ '((CASE WHEN session_history.view_offset IS NULL THEN 0.1 ELSE \ session_history.view_offset * 1.0 END) / \ (CASE WHEN session_history_metadata.duration IS NULL THEN 1.0 ELSE \ @@ -571,6 +574,9 @@ class DataFactory(object): thumb = item[7] else: thumb = item[8] + + # Sanitize player name + player = helpers.sanitize(item["player"]) row = {'row_id': item[0], 'user': item[1], @@ -582,7 +588,7 @@ class DataFactory(object): 'thumb': thumb, 'grandparent_thumb': item[8], 'last_watch': item[9], - 'platform_type': item[10], + 'player': player, } last_watched.append(row) diff --git a/plexpy/helpers.py b/plexpy/helpers.py index e5f5cc42..64b796db 100644 --- a/plexpy/helpers.py +++ b/plexpy/helpers.py @@ -430,3 +430,9 @@ def process_json_kwargs(json_kwargs): params = json.loads(json_kwargs) return params + +def sanitize(string): + if string: + return str(string).replace('<','<').replace('>','>') + else: + return '' \ No newline at end of file diff --git a/plexpy/users.py b/plexpy/users.py index bccda2f7..e932e6c8 100644 --- a/plexpy/users.py +++ b/plexpy/users.py @@ -89,13 +89,16 @@ class Users(object): # Rename Mystery platform names platform = common.PLATFORM_NAME_OVERRIDES.get(item["platform"], item["platform"]) + # Sanitize player name + player = helpers.sanitize(item["player"]) + row = {"id": item['id'], "plays": item['plays'], "last_seen": item['last_seen'], "friendly_name": item['friendly_name'], "ip_address": item['ip_address'], "platform": platform, - "player": item['player'], + "player": player, "last_watched": item['last_watched'], "thumb": thumb, "media_type": item['media_type'], @@ -180,12 +183,15 @@ class Users(object): # Rename Mystery platform names platform = common.PLATFORM_NAME_OVERRIDES.get(item["platform"], item["platform"]) + # Sanitize player name + player = helpers.sanitize(item["player"]) + row = {"id": item['id'], "last_seen": item['last_seen'], "ip_address": item['ip_address'], "play_count": item['play_count'], "platform": platform, - "player": item['player'], + "player": player, "last_watched": item['last_watched'], "thumb": thumb, "media_type": item['media_type'], @@ -531,7 +537,10 @@ class Users(object): # Rename Mystery platform names platform_type = common.PLATFORM_NAME_OVERRIDES.get(item[2], item[2]) - row = {'player_name': item[0], + # Sanitize player name + player = helpers.sanitize(item[0]) + + row = {'player_name': player, 'platform_type': platform_type, 'total_plays': item[1], 'result_id': result_id diff --git a/plexpy/webserve.py b/plexpy/webserve.py index 89065bf5..a3b237e8 100644 --- a/plexpy/webserve.py +++ b/plexpy/webserve.py @@ -1,7 +1,4 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -# This file is part of PlexPy. +# This file is part of PlexPy. # # PlexPy is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with PlexPy. If not, see . -from plexpy import logger, notifiers, plextv, pmsconnect, common, log_reader, datafactory, graphs, users +from plexpy import logger, notifiers, plextv, pmsconnect, common, log_reader, datafactory, graphs, users, helpers from plexpy.helpers import checked, radio from mako.lookup import TemplateLookup @@ -738,6 +735,9 @@ class WebInterface(object): if not session['ip_address']: ip_address = data_factory.get_session_ip(session['session_key']) session['ip_address'] = ip_address + # Sanitize player name + session['player'] = helpers.sanitize(session['player']) + except: return serve_template(templatename="current_activity.html", data=None)