Describe the bug
The filePathSuffix value provided via SelectFilePathSuffixDialog is sent directly as override_file_path_suffix to /api/v1/tv/torrents, and on the backend this suffix is concatenated into episode filenames/paths without sanitization. An attacker with access to this dialog can supply values containing ../ or path separators so that, when imports run, files are written outside the intended show/season directory (path traversal / arbitrary file overwrite). Harden this by validating and normalizing override_file_path_suffix server-side (e.g. restrict to a safe character set and reject .. and path separators) and by treating it strictly as a filename suffix, not a partial path.
Version
master
Describe the bug
The filePathSuffix value provided via SelectFilePathSuffixDialog is sent directly as override_file_path_suffix to /api/v1/tv/torrents, and on the backend this suffix is concatenated into episode filenames/paths without sanitization. An attacker with access to this dialog can supply values containing ../ or path separators so that, when imports run, files are written outside the intended show/season directory (path traversal / arbitrary file overwrite). Harden this by validating and normalizing override_file_path_suffix server-side (e.g. restrict to a safe character set and reject .. and path separators) and by treating it strictly as a filename suffix, not a partial path.
Version
master