[mythtv] mythvideo DB enhancement

Michael T. Dean mtdean at thirdcontact.com
Wed Jan 9 23:58:34 UTC 2008


On 01/09/2008 06:02 PM, Stuart Auchterlonie wrote:
> Chris Pinkham wrote:
>> * On Wed Jan 09, 2008 at 04:06:42PM -0500, Daniel Kristjansson wrote:
>>>> I don't remember, but think that the current filetransfer code would
>>>> probably allow grabbing a file from a subdirectory if you issue the
>>> You would have to check for "//", "..", and symlinks in the path. You
>>> can't realistically check for hardlinks; but neither MythTV, nor any
>>> of the contrib scripts, create hardlinks.
>> That was the reason...  Parts of IRC conversations gone by are resurfacing
>> in my head.
Right.  No one felt like making the changes at the time and it seemed 
better for users to have to explicitly approve each directory from which 
content is served.

>> I just checked to verify there wasn't a hole.  MainServer::LocalFilePath()
>> is used to find files for the file transfer code.  LocalFilePath has the
>> following code to prevent this:
>>
>>     lpath = lpath.section('/', -1);
>>
>> So, we chop off any directory names before we even go looking for the file.
>>
>> It wouldn't take much code for someone to implement the above checks that
>> you describe though.
> However, starting to allow / directory delimiters at this point
> will reduce the portability of the SG code, especially given that
> a few things have been going on in the win32 arena.
>
> I'd be inclined to leave the SG code as is, and implement a SG
> for the thumbnails.

And it allows using other disks more easily than creating a bunch of 
additional mount points (i.e. one under each recording directory in your 
storage groups)...

Since I had already planned to do so, I can take the lead on it if you 
want (since we could use your >> skills for more important tasks :).  If 
George hasn't already started on it (since I offered to let him do it 
along with the MythVideo changes he's making), I'll go ahead and get it 
started.

And, back on topic, if we do take this approach for the recording 
preview pixmaps, it makes sense to me to do the same for the MythVideo 
posters.

Mike


More information about the mythtv-dev mailing list