Merge pull request from GHSA-mwcv-ghjq-8f2g

* Fix arbitrary file read WithPath endpoint * Remove WithPath Endpoint from APIv1 It's unnecessary and a security issue --------- Co-authored-by: da3dsoul <[email protected]>
ShokoAnime · Sep 28, 2023 · 6c57ba0 · 6c57ba0
1 parent 3ac5021
commit 6c57ba0
Showing 1 changed file with 0 additions and 13 deletions.
diff --git a/Shoko.Server/API/v1/Implementations/ShokoServiceImplementationImage.cs b/Shoko.Server/API/v1/Implementations/ShokoServiceImplementationImage.cs
@@ -39,19 +39,6 @@ public object GetImage(int imageid, int imageType, bool? thumnbnailOnly = false)
         return System.IO.File.OpenRead(path);
     }
 
-    [HttpGet("WithPath/{serverImagePath}")]
-    public object GetImageUsingPath(string serverImagePath)
-    {
-        if (!System.IO.File.Exists(serverImagePath))
-        {
-            logger.Trace("Could not find AniDB_Cover image: {0}", serverImagePath);
-            return NotFound();
-        }
-
-        Response.ContentType = Mime.GetMimeMapping(serverImagePath);
-        return System.IO.File.OpenRead(serverImagePath);
-    }
-
     [HttpGet("Blank")]
     public object BlankImage()
     {