From 1d3ea3fe4d38cfc1933246542b270d6e2c60a88f Mon Sep 17 00:00:00 2001
From: BKSteve <stephen.rieger@gmail.com>
Date: Fri, 26 Jul 2024 05:43:44 +0700
Subject: [PATCH] Sanitize more args (#8772)

* arg sanitizing -again

* arg sanitizing -doRename

---------

Co-authored-by: miigotu <miigotu@gmail.com>
---
 sickchill/views/home.py | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/sickchill/views/home.py b/sickchill/views/home.py
index 687b947a6b..e69113be0c 100644
--- a/sickchill/views/home.py
+++ b/sickchill/views/home.py
@@ -1721,7 +1721,9 @@ def testRename(self):
             action="previewRename",
         )
 
-    def doRename(self, show=None, eps=None):
+    def doRename(self):
+        show = self.get_body_argument("show", None)
+        eps = self.get_body_argument("eps", None)
         if not (show and eps):
             return self._genericMessage(_("Error"), _("You must specify a show and at least one episode"))
 
@@ -1841,14 +1843,18 @@ def manual_snatch_show_release(self):
 
         return self.redirect("/home/displayShow?show=" + show)
 
-    def searchEpisode(self, show=None, season=None, episode=None, downCurQuality=0):
+    def searchEpisode(self):
+        show = self.get_query_argument("show", None)
+        season = self.get_query_argument("season", None)
+        episode = self.get_query_argument("episode", None)
+        down_cur_quality = int(self.get_query_argument("downCurQuality", str(0)))
         # retrieve the episode object and fail if we can't get one
         episode_object, error_msg = self._getEpisode(show, season, episode)
         if error_msg or not episode_object:
             return json.dumps({"result": "failure", "errorMessage": error_msg})
 
         # make a queue item for it and put it on the queue
-        ep_queue_item = search_queue.ManualSearchQueueItem(episode_object.show, episode_object, bool(int(downCurQuality)))
+        ep_queue_item = search_queue.ManualSearchQueueItem(episode_object.show, episode_object, bool(down_cur_quality))
 
         settings.searchQueueScheduler.action.add_item(ep_queue_item)
 
@@ -1968,7 +1974,10 @@ def getQualityClass(episode_object):
 
         return quality_class
 
-    def searchEpisodeSubtitles(self, show=None, season=None, episode=None):
+    def searchEpisodeSubtitles(self):
+        show = self.get_query_argument("show", None)
+        season = self.get_query_argument("season", None)
+        episode = self.get_query_argument("episode", None)
         # retrieve the episode object and fail if we can't get one
         episode_object, error_msg = self._getEpisode(show, season, episode)
         if error_msg or not episode_object:
@@ -1989,7 +1998,11 @@ def searchEpisodeSubtitles(self, show=None, season=None, episode=None):
         ui.notifications.message(episode_object.show.name, status)
         return json.dumps({"result": status, "subtitles": ",".join(episode_object.subtitles)})
 
-    def playOnKodi(self, show, season, episode, host):
+    def playOnKodi(self):
+        show = self.get_query_argument("show", None)
+        season = self.get_query_argument("season", None)
+        episode = self.get_query_argument("episode", None)
+        host = self.get_query_argument("host", None)
         episode_object, error_msg = self._getEpisode(show, season, episode)
         if error_msg or not episode_object:
             print("error")
@@ -1998,7 +2011,11 @@ def playOnKodi(self, show, season, episode, host):
         sickchill.oldbeard.notifiers.kodi_notifier.play_episode(episode_object, host)
         return json.dumps({"result": "success"})
 
-    def retrySearchSubtitles(self, show, season, episode, lang):
+    def retrySearchSubtitles(self):
+        show = self.get_query_argument("show", None)
+        season = self.get_query_argument("season", None)
+        episode = self.get_query_argument("episode", None)
+        lang = self.get_query_argument("lang", None)
         # retrieve the episode object and fail if we can't get one
         episode_object, error_msg = self._getEpisode(show, season, episode)
         if error_msg or not episode_object:
@@ -2095,14 +2112,18 @@ def setSceneNumbering(self, show, indexer, forSeason=None, forEpisode=None, forA
 
         return json.dumps(result)
 
-    def retryEpisode(self, show, season, episode, downCurQuality=0):
+    def retryEpisode(self):
+        show = self.get_query_argument("show", None)
+        season = self.get_query_argument("season", None)
+        episode = self.get_query_argument("episode", None)
+        down_cur_quality = int(self.get_query_argument("downCurQuality", str(0)))
         # retrieve the episode object and fail if we can't get one
         episode_object, error_msg = self._getEpisode(show, season, episode)
         if error_msg or not episode_object:
             return json.dumps({"result": "failure", "errorMessage": error_msg})
 
         # make a queue item for it and put it on the queue
-        ep_queue_item = search_queue.FailedQueueItem(episode_object.show, [episode_object], bool(int(downCurQuality)))
+        ep_queue_item = search_queue.FailedQueueItem(episode_object.show, [episode_object], bool(down_cur_quality))
         settings.searchQueueScheduler.action.add_item(ep_queue_item)
 
         if not ep_queue_item.started and ep_queue_item.success is None: