LAB/agregarr_agregarr
1
0
Fork 0
mirror of https://github.com/agregarr/agregarr.git synced 2026-03-30 00:02:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
agregarr_agregarr/server/routes
History
bitr8 5ed40a3832
fix: path traversal in overlay template export (#513) 
The overlay template export endpoints resolve asset paths with a
fallback to path.join(cwd, assetPath), allowing arbitrary file reads
via crafted asset paths.

- Remove unrestricted cwd fallback from both export endpoints
- Restrict resolution to config/uploads/ and config/posters/
- Add path.resolve() containment check

Co-authored-by: bitr8 <bitr8@users.noreply.github.com>
2026-03-17 21:03:13 +13:00
..
settings
fix(radarr-sonarr): show auto-generated tag in collection config
2026-01-29 18:54:40 +13:00
user
feat: first release
2025-08-25 01:48:34 +12:00
anilist.ts
fix(uploads): add authentication to poster export/import, trakt, and anime routes
2026-03-02 23:59:02 +13:00
auth.ts
feat: first release
2025-08-25 01:48:34 +12:00
collection-posters.ts
fix(poster storage): add temp cleanup, add usage checker for posters before deletion
2025-12-16 02:54:25 +13:00
collections-preview.ts
feat(collections): Add custom TMDB Collection Builder (#416)
2026-02-02 16:18:20 +13:00
collections.ts
fix(collection-posters): add pre-existing collections to preview, add real posters to content grid
2026-01-18 19:36:05 +13:00
dashboard.ts
feat: first release
2025-08-25 01:48:34 +12:00
defaulthubs.ts
fix: multiple minor fixes
2025-09-01 19:22:54 +12:00
discovery.ts
chore(discovery): adds better frontend error messaging for discovery
2025-11-29 20:06:35 +13:00
exclusions.ts
feat(item exclusions): individual items can now be excluded from lists globally
2025-10-09 10:15:06 +13:00
fetch-title.ts
fix(letterboxd): add cloudflare solver for leterboxd
2026-01-22 14:15:50 +13:00
filesystem.ts
feat(poster overlays): poster Overlays for individual items can now be created
2025-11-27 14:14:04 +13:00
fonts.ts
fix(posters): add custom fonts support
2025-12-31 14:46:40 +13:00
hubs.ts
feat: first release
2025-08-25 01:48:34 +12:00
index.ts
fix(uploads): add authentication to poster export/import, trakt, and anime routes
2026-03-02 23:59:02 +13:00
media-type.ts
Add Trakt OAuth (#192)
2025-12-14 17:39:14 +13:00
media.ts
feat: first release
2025-08-25 01:48:34 +12:00
missing-items.ts
feat: first release
2025-08-25 01:48:34 +12:00
myanimelist.ts
fix(uploads): add authentication to poster export/import, trakt, and anime routes
2026-03-02 23:59:02 +13:00
overlayLibraryConfigs.ts
perf(overlays): add TMDB poster caching and fix race conditions (#277)
2026-01-03 22:14:12 +13:00
overlayMappings.ts
feat(overlays): add 'mapped icons' element, allowing variables to be mapped to icons
2026-02-02 00:39:07 +13:00
overlaySettings.ts
feat(poster sources): adds local poster source option
2025-12-14 10:48:00 +13:00
overlayTemplates.ts
fix(overlays): add TVDB TV Status as additional TV Status option
2026-02-13 11:31:45 +13:00
overlayTest.ts
fix(overlays): correct air date today logic for next episode and season (#496)
2026-03-03 00:16:56 +13:00
overseerr.ts
feat(tags): tags can now be created directly in agregarr
2026-01-29 17:51:28 +13:00
plex-webhook.ts
fix(placeholders): add Plex Webhook support to mark placeholders as unwatched
2026-03-15 23:42:12 +13:00
posters.ts
fix: path traversal in overlay template export (#513)
2026-03-17 21:03:13 +13:00
preexisting.ts
fix(collection-posters): add pre-existing collections to preview, add real posters to content grid
2026-01-18 19:36:05 +13:00
ratings.ts
fix(ratings): iMDb TV show ratings added, RT fallback added
2025-11-12 01:05:19 +13:00
reorder.ts
fix: plex home/recommended ordering
2025-08-30 21:27:36 +12:00
search.ts
feat(overlays): add Plex Labels as condition
2026-02-02 20:55:56 +13:00
service.ts
feat: first release
2025-08-25 01:48:34 +12:00
sourceColors.ts
fix(poster templates): add import/export, add fonts, add layers (major rework)
2025-09-24 02:17:49 +12:00
trakt-oauth.ts
fix(uploads): add authentication to poster export/import, trakt, and anime routes
2026-03-02 23:59:02 +13:00
uploads.ts
fix: path traversal in overlay template export (#513)
2026-03-17 21:03:13 +13:00