forked from Fijxu/invidious
Merge pull request #2891 from SamantazFox/check-host-param
video_playback: Check "host" parameter validity
This commit is contained in:
commit
ec183e3c9a
1 changed files with 8 additions and 2 deletions
|
@ -14,12 +14,18 @@ module Invidious::Routes::VideoPlayback
|
||||||
end
|
end
|
||||||
|
|
||||||
if query_params["host"]? && !query_params["host"].empty?
|
if query_params["host"]? && !query_params["host"].empty?
|
||||||
host = "https://#{query_params["host"]}"
|
host = query_params["host"]
|
||||||
query_params.delete("host")
|
query_params.delete("host")
|
||||||
else
|
else
|
||||||
host = "https://r#{fvip}---#{mns.pop}.googlevideo.com"
|
host = "r#{fvip}---#{mns.pop}.googlevideo.com"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Sanity check, to avoid being used as an open proxy
|
||||||
|
if !host.matches?(/[\w-]+.googlevideo.com/)
|
||||||
|
return error_template(400, "Invalid \"host\" parameter.")
|
||||||
|
end
|
||||||
|
|
||||||
|
host = "https://#{host}"
|
||||||
url = "/videoplayback?#{query_params}"
|
url = "/videoplayback?#{query_params}"
|
||||||
|
|
||||||
headers = HTTP::Headers.new
|
headers = HTTP::Headers.new
|
||||||
|
|
Loading…
Reference in a new issue