Comments (6)
azlux
commented on June 12, 2024
@SYZYGY-DEV333 Yes, it's quite easy to implement.
In this case, the path will be into the config file, and you will need to play it with the command !playfile file_name for example. Is that good for you ?
from mumbleradioplayer.
azlux
commented on June 12, 2024
Feature added !
from mumbleradioplayer.
LordYuuma
commented on June 12, 2024
The current implementation has a path traversal bug. Since the parameter goes through unchecked, one can chain "../" to discover potentially existing media files and play them. Potential leakage of non-media files is prevented by FFMPEG returning an error.
Below is a patch, that fixes the bug by rejecting any parameter with a slash in it. This is not ideal, especially since one would also not allow any subdirectories to be accessed, but since those tend to get long anyway, it's a good thing to not make the user remember folder structures just to play a file.
diff --git a/mumbleRadioPlayer.py b/mumbleRadioPlayer.py
index 56717e2..6c59cda 100644
--- a/mumbleRadioPlayer.py
+++ b/mumbleRadioPlayer.py
@@ -78,6 +78,9 @@ class MumbleRadioPlayer:
self.play_stream(parameter)
if command == self.config.get('command', 'play_file') and parameter:
+ if "/" in parameter:
+ self.mumble.users[text.actor].send_message(self.config.get('strings', 'bad_file'))
+ return
path = self.config.get('bot', 'music_folder') + parameter
if os.path.isfile(path):
self.launch_play_file(path)
from mumbleradioplayer.
azlux
commented on June 12, 2024
Good point !
from mumbleradioplayer.
azlux
commented on June 12, 2024
fixed in 4fb9bc2 , thank @LordYuuma
(not tested, I will have time next week)
from mumbleradioplayer.
azlux
commented on June 12, 2024
Command !list added in 84e3b83 to improve the local audio file feature.
from mumbleradioplayer.
Related Issues (17)
- Installation instructions doesn't work HOT 8
- A few questions.. HOT 4
- No sound output ? HOT 13
- Send message to bot fails when having a linebreak/enter in it HOT 4
- Logging - no timestamping and no filelogging HOT 1
- Invalid data found when processing input HOT 2
- Play Youtube sound HOT 5
- Exception in thread Thread-5 HOT 3
- Exception in thread Thread-8 HOT 3
- MumbleRadioPlayer Launch Error HOT 5
- Unable to hear voice HOT 1
- Disconnect from server without exiting program HOT 1
- Syntax exemple of !playfile ? HOT 2
- Basic player functionality HOT 4
- Problem with shoutCAST url HOT 4
- NonType HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mumbleradioplayer.