Pause and Ended Shows delay, xhtml_unescape #8507
Conversation
This sanitizes and decodes arguments to unicode that are passed in web requests to the server
Also, added logging for developers for all web routes when they have parameters defined in the method signature when they shouldn't be. Each method should explicitly use get_*_argument(s) methods to ensure passed data is safe and sanitized, devoid of control characters, injection safe, and formatted in the correct type. All route methods should only have `self` as a parameter, suck as `def searchIndexersForShowName(self): lang = self.get_argument("lang", strip=True)`
…ows.py get_*_argument(s) methods return body/query arguments percent-decoded, decoded to unicode, and sanitized with control characters and other unsafe characters removed.
|
I got a bunch of it done. I'm going to try and do these other instances, and also unquote/unquote_plus that is used on route arguments (I don't want to go backwards to what was used before, it's what caused password encoding problems, show dir problems, etc and was hard to track down) Before other routes are updated to use the correct argument handling, these need gone over (I'll try to do them tonight): |
BKSteve
changed the title
This comment was marked as outdated.
This comment was marked as outdated.
|
They killed the processing. The items with the changes in index were nolonger byte strings see |
Signed-off-by: miigotu <miigotu@gmail.com>
This sanitizes and decodes arguments to unicode that are passed in web requests to the server
Also, added logging for developers for all web routes when they have parameters defined in the method signature when they shouldn't be. Each method should explicitly use get_*_argument(s) methods to ensure passed data is safe and sanitized, devoid of control characters, injection safe, and formatted in the correct type. All route methods should only have `self` as a parameter, suck as `def searchIndexersForShowName(self): lang = self.get_argument("lang", strip=True)`
…ows.py get_*_argument(s) methods return body/query arguments percent-decoded, decoded to unicode, and sanitized with control characters and other unsafe characters removed.
|
The IMDbPY isn't being updated so changed to Cinemagoer 2023.5.1 in now with Edit 20230730: |
|
When working on the trakt add show issue I note the directory and options settings no longer show at top of screen. This proves to be an issue as the cur_dir isn't known and thus the add process gets stuck. |
|
Yeah I don't want to add that code back. I'm in the middle of completely rewriting how trending and favorite and popular shows are added. They used to use a different method, I'm changing it to use new show directly and combining those 3 pages into 1. |
|
OK, will step back from this area for a couple of days. |
Signed-off-by: miigotu <miigotu@gmail.com>
…d and a notifier Signed-off-by: miigotu <miigotu@gmail.com>
…hed and make code easier to maintain Signed-off-by: miigotu <miigotu@gmail.com>
|
I messed up in a few places in the last 3 commits where |
|
I also still have to fix the add shows. If you want, you could check the add existing and normal show adding. I'll worry about the IMDb/trakt/popular lists. |
…alidly 0 Signed-off-by: miigotu <miigotu@gmail.com>
refactor variable and move more python out of the template Signed-off-by: miigotu <miigotu@gmail.com>
…fault use get_query_argument for refreshShow, updateShow, testRename Signed-off-by: miigotu <miigotu@gmail.com>
Signed-off-by: miigotu <miigotu@gmail.com>
Tested. Functional. Add: Mass Update not ok (expected) |
|
What is wrong with mass update? |
Proposed changes in this pull request: