Improve data sanitation (Fixes Tautulli/Tautulli-Issues#161)

plexpy/webserve.py

@@ -55,7 +55,7 @@ import users
 import versioncheck
 import web_socket
 from plexpy.api2 import API2
-from plexpy.helpers import checked, addtoapi, get_ip, create_https_certificates, build_datatables_json
+from plexpy.helpers import checked, addtoapi, get_ip, create_https_certificates, build_datatables_json, sanitize_out
 from plexpy.session import get_session_info, get_session_user_id, allow_session_user, allow_session_library
 from plexpy.webauth import AuthController, requireAuth, member_of
 
@@ -349,6 +349,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth()
+    @sanitize_out()
     @addtoapi("get_libraries_table")
     def get_library_list(self, **kwargs):
         """ Get the data on the Tautulli libraries table.
@@ -427,6 +428,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth(member_of("admin"))
+    @sanitize_out()
     @addtoapi("get_library_names")
     def get_library_sections(self, **kwargs):
         """ Get a list of library sections and ids on the PMS.
@@ -1014,6 +1016,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth()
+    @sanitize_out()
     @addtoapi("get_users_table")
     def get_user_list(self, **kwargs):
         """ Get the data on Tautulli users table.
@@ -1228,6 +1231,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth()
+    @sanitize_out()
     @addtoapi()
     def get_user_ips(self, user_id=None, **kwargs):
         """ Get the data on Tautulli users IP table.
@@ -1294,6 +1298,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth()
+    @sanitize_out()
     @addtoapi()
     def get_user_logins(self, user_id=None, **kwargs):
         """ Get the data on Tautulli user login table.
@@ -1575,6 +1580,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth()
+    @sanitize_out()
     @addtoapi()
     def get_history(self, user=None, user_id=None, grouping=None, **kwargs):
         """ Get the Tautulli history.
@@ -1821,6 +1827,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth()
+    @sanitize_out()
     @addtoapi()
     def get_user_names(self, **kwargs):
         """ Get a list of all user and user ids.
@@ -2293,6 +2300,7 @@ class WebInterface(object):
 
     @cherrypy.expose
     @cherrypy.tools.json_out()
+    @sanitize_out()
     @requireAuth()
     def get_sync(self, machine_id=None, user_id=None, **kwargs):
         if user_id == 'null':
@@ -2434,6 +2442,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth(member_of("admin"))
+    @sanitize_out()
     @addtoapi()
     def get_notification_log(self, **kwargs):
         """ Get the data on the Tautulli notification logs table.
@@ -2495,6 +2504,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth(member_of("admin"))
+    @sanitize_out()
     @addtoapi()
     def get_newsletter_log(self, **kwargs):
         """ Get the data on the Tautulli newsletter logs table.
@@ -5228,6 +5238,7 @@ class WebInterface(object):
     @cherrypy.expose
     @cherrypy.tools.json_out()
     @requireAuth(member_of("admin"))
+    @sanitize_out()
     @addtoapi()
     def get_synced_items(self, machine_id='', user_id='', **kwargs):
         """ Get a list of synced items on the PMS.