Undesired access to all files via getid3 plugin #53

Open
nonplusnl opened this issue Jul 21, 2017 · 1 comment

@nonplusnl

For security, I have the option 'allow_access_to_all_files' switched to 'false'.
However, I discovered that when clicking on 'file details', the getid3-plugin offers a browse possibility via which the entire file system is visible. It is only viewable, but even this already seems to me an unwanted security hole. Is there a solution, apart from deleting the entire plugin?

Steps to reproduce: for a random music file in O!MPD, click on 'file details'. Top line on screen shows 'Browse'. From there, it is possible to navigate through the entire directory tree (as far as rights permit, of course).

@othmar52
Contributor

@ArturSierzant Some time ago I already solved this issue.

@see viewDumpId3.php
Instead of using the included views of getid3, I just used the library for extracting tag data and created the markup myself.
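
One way to keep a self-built file-details view inside the media directory, as an added example that is not O!MPD or getID3 code: canonicalise the requested path and refuse anything that is not a regular file under the media root before it reaches the tag reader. The function name `resolveInsideMediaRoot`, the directory layout and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names; not taken from O!MPD or getID3.

/**
 * Resolve $requested (a path relative to the media root) to its canonical
 * absolute path. Returns null when the target is missing, is not a regular
 * file, or ends up outside $mediaRoot after ".." and symlinks are resolved.
 */
function resolveInsideMediaRoot(string $mediaRoot, string $requested): ?string
{
    $root = realpath($mediaRoot);
    if ($root === false || strpos($requested, "\0") !== false) {
        return null;
    }
    $full = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare with a trailing separator so /srv/music2 never matches /srv/music.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sample tree: <tmp>/media/album/track.mp3 and <tmp>/secret.txt
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ompd_demo_' . getmypid();
mkdir($base . '/media/album', 0700, true);
file_put_contents($base . '/media/album/track.mp3', 'not real audio');
file_put_contents($base . '/secret.txt', 'outside the media root');

$requests = [
    'album/track.mp3',          // regular file under the media root
    '../secret.txt',            // parent-directory traversal
    'album/../../secret.txt',   // traversal hidden behind a valid folder
    'album',                    // a directory, which would enable browsing
    'missing.mp3',              // nonexistent file
];
foreach ($requests as $r) {
    $path = resolveInsideMediaRoot($base . '/media', $r);
    // Only a non-null $path would be passed on to the tag extraction call.
    printf("%-26s %s\n", $r, $path === null ? 'rejected' : 'ok');
}

// Remove the constructed sample tree.
unlink($base . '/media/album/track.mp3');
unlink($base . '/secret.txt');
rmdir($base . '/media/album');
rmdir($base . '/media');
rmdir($base);
```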
