fix: Sanitize playlist names to prevent directory traversal

Co-authored-by: aider (gemini/gemini-2.5-pro) <aider@aider.chat>
2026-02-04 12:14:12 -07:00
parent 6e9f348089
commit d9194dcd76


@@ -38,9 +38,14 @@ def run_pls_command(playlist_id):
return ""
def sanitize_for_filename(name):
"""Sanitizes a string to be safe as a filename component."""
return name.replace('/', '_').replace('\\', '_')
def save_playlist_file(playlist_dir, playlist_name, content):
"""Saves the transformed playlist content to a file."""
filename = f"{playlist_name}.m3u8"
filename = f"{sanitize_for_filename(playlist_name)}.m3u8"
filepath = os.path.join(playlist_dir, filename)
try:
with open(filepath, 'w', encoding='utf-8') as f:
@@ -52,7 +57,7 @@ def save_playlist_file(playlist_dir, playlist_name, content):
def delete_playlist_file(playlist_dir, playlist_name):
"""Deletes a playlist file."""
filename = f"{playlist_name}.m3u8"
filename = f"{sanitize_for_filename(playlist_name)}.m3u8"
filepath = os.path.join(playlist_dir, filename)
if os.path.exists(filepath):
try:
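Review bot: `sanitize_for_filename` replaces only `/` and `\`, so it is a denylist, and nothing after the `os.path.join` call in `save_playlist_file` or `delete_playlist_file` confirms that `filepath` still lies inside `playlist_dir`. On Windows a drive-qualified name (one containing `:`) is not covered and `os.path.join` can discard `playlist_dir` for such a component; NUL bytes and an empty name also pass through unchanged. The mapping is also not one-to-one: `a/b` and `a_b` both resolve to `a_b.m3u8`, so a save can overwrite, and a delete can remove, a different playlist's file. I would add a containment check after the join in both functions, e.g. `if os.path.dirname(os.path.abspath(filepath)) != os.path.abspath(playlist_dir):` followed by the function's existing failure path, and state in the helper's docstring exactly which characters are replaced. Both function bodies continue outside the hunks shown, so how failures are reported there is not visible.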