evlli/hass-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Guard against non http schemes (#69938)

Browse source
This commit is contained in:
Paulus Schoutsen 2022-04-12 15:27:20 -07:00 committed by GitHub
parent d57863946d
commit f6a3598070
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
homeassistant/components/media_player/browse_media.py
View file

@ -32,6 +32,9 @@ def async_process_play_media_url(
"""Update a media URL with authentication if it points at Home Assistant."""
parsed = yarl.URL(media_content_id)
if parsed.scheme and parsed.scheme not in ("http", "https"):
return media_content_id
if parsed.is_absolute():
if not is_hass_url(hass, media_content_id):
return media_content_id

5
tests/components/media_player/test_browse_media.py
View file

@ -36,6 +36,11 @@ async def test_process_play_media_url(hass, mock_sign_path):
async_process_play_media_url(hass, "https://not-hass.com/path")
== "https://not-hass.com/path"
)
# Not changing a url that is not http/https
assert (
async_process_play_media_url(hass, "file:///tmp/test.mp3")
== "file:///tmp/test.mp3"
)
# Testing signing hass URLs
assert (