Mirrored_Repos/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-11-03 22:21:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

video_playback: Check "host" parameter validity

Browse Source
This commit is contained in:
Samantaz Fox
2022-02-11 01:36:53 +01:00
parent 955e3de56d
commit 01135db80a
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/invidious/routes/video_playback.cr
View File

@@ -14,12 +14,18 @@ module Invidious::Routes::VideoPlayback
end end
if query_params["host"]? && !query_params["host"].empty? if query_params["host"]? && !query_params["host"].empty?
host = "https://#{query_params["host"]}" host = query_params["host"]
query_params.delete("host") query_params.delete("host")
else else
host = "https://r#{fvip}---#{mns.pop}.googlevideo.com" host = "r#{fvip}---#{mns.pop}.googlevideo.com"
end end
# Sanity check, to avoid being used as an open proxy
if !host.matches?(/[\w-]+.googlevideo.com/)
return error_template(400, "Invalid \"host\" parameter.")
end
host = "https://#{host}"
url = "/videoplayback?#{query_params}" url = "/videoplayback?#{query_params}"
headers = HTTP::Headers.new headers = HTTP::Headers.new