chrisryn/requestarr
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix(proxy): add path validation guardrail to imageproxy (#2531)

Browse Source
This commit is contained in:
Rin
2026-02-28 02:14:05 +07:00
committed by GitHub
parent 720a75b58d
commit e086081b19
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/routes/imageproxy.ts
View File

@@ -32,6 +32,12 @@ function initTvdbImageProxy() {
router.get('/:type/*', async (req, res) => { router.get('/:type/*', async (req, res) => {
const imagePath = req.path.replace(/^\/\w+/, ''); const imagePath = req.path.replace(/^\/\w+/, '');
if (imagePath.startsWith('//') || imagePath.includes('://')) {
logger.error('Invalid URL for image proxy', { imagePath });
return res.status(403).send('Invalid URL for image proxy');
}
try { try {
let imageData; let imageData;
if (req.params.type === 'tmdb') { if (req.params.type === 'tmdb') {