LAB/agregarr_agregarr
1
0
Fork 0
mirror of https://github.com/agregarr/agregarr.git synced 2026-03-30 00:02:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
agregarr_agregarr/server
History
bitr8 5ed40a3832
fix: path traversal in overlay template export (#513) 
The overlay template export endpoints resolve asset paths with a
fallback to path.join(cwd, assetPath), allowing arbitrary file reads
via crafted asset paths.

- Remove unrestricted cwd fallback from both export endpoints
- Restrict resolution to config/uploads/ and config/posters/
- Add path.resolve() containment check

Co-authored-by: bitr8 <bitr8@users.noreply.github.com>
2026-03-17 21:03:13 +13:00
..
api
fix(placeholders): add Plex Webhook support to mark placeholders as unwatched
2026-03-15 23:42:12 +13:00
constants
entity
feat(overlays): add ability to tag and sort overlays. add grid size option
2026-02-02 03:01:31 +13:00
interfaces/api
job
feat(plex watchlist): adds plex watchlist grabbing via overseerr and radarr/sonarr
2025-12-16 11:40:39 +13:00
lib
perf(letterboxd): reduce Playwright usage and parallelise TMDB resolution
2026-03-17 21:00:33 +13:00
middleware
migration
feat(overlays): add ability to tag and sort overlays. add grid size option
2026-02-02 03:01:31 +13:00
models
routes
fix: path traversal in overlay template export (#513)
2026-03-17 21:03:13 +13:00
scripts
feat(sources): add actor and director collections with seperators (#198)
2025-12-17 00:17:23 +13:00
types
utils
feat(overlays): add date format options for US and UK/AU locales (#446)
2026-02-06 11:14:03 +13:00
datasource.ts
index.ts
fix(placeholders): add Plex Webhook support to mark placeholders as unwatched
2026-03-15 23:42:12 +13:00
logger.ts
tsconfig.json