Dispatcharr/core
2026-05-01 17:54:25 -05:00
..
fixtures feat: add system notifications and update checks 2026-02-03 09:24:02 -06:00
management/commands fix: ensure PGSSL* environment variables are explicitly set by stripping inherited values 2026-03-31 09:51:09 -05:00
migrations Enhancement: VOD start/stop notifications and system events. 2026-04-23 18:03:02 -05:00
__init__.py Alpha v3 2025-02-21 15:31:59 -06:00
admin.py modified database fields for consistency, removed custom_url from streams (no longer needed) 2025-03-16 09:07:10 -04:00
api_urls.py feat: add system notifications and update checks 2026-02-03 09:24:02 -06:00
api_views.py security: proxy streaming endpoints (stream_ts, stream_xc, stream_vod, head_vod, stream_xc_movie, stream_xc_episode) use @permission_classes([AllowAny]) (access is controlled by the per-stream-type network allow-list inside the view body); the UserAgentViewSet, StreamProfileViewSet, CoreSettingsViewSet, and ProxySettingsViewSet gained get_permissions() methods mapping read actions to IsStandardUser and write actions to IsAdmin; and AuthViewSet.logout was updated to return [Authenticated()]. 2026-04-10 10:47:50 -05:00
apps.py Bug Fix: EPG program times shifted by host offset when /etc/localtime is mounted. (Fixes #651) 2026-05-01 17:54:25 -05:00
command_utils.py Bypass redis for management commands. 2025-03-22 12:23:54 -05:00
developer_notifications.py Fix #954: Superuser detection; Feature #1004: User account disable/enable 2026-02-22 18:05:02 -06:00
models.py Enhancement: VOD start/stop notifications and system events. 2026-04-23 18:03:02 -05:00
redis_pubsub.py initial run of a binary and encoded redis client - no more encoding / decoding data into redis, huge PITA (still some outstanding spots I need to patch) 2025-10-25 08:15:39 -04:00
scheduling.py feat(scheduling): add cron builder and refactor scheduling components (Closes #165) 2026-02-12 18:08:13 -06:00
serializers.py fix: guard CoreSettings list getters against corrupted stored data 2026-03-15 16:30:50 -05:00
signals.py feat: add system notifications and update checks 2026-02-03 09:24:02 -06:00
tasks.py chore(cleanup): - Removed dead VODConnectionManager class (apps/proxy/vod_proxy/connection_manager.py) and its associated helpers, which had been superseded by MultiWorkerVODConnectionManager. All active code already used the multi-worker implementation. Removed the unused VODConnectionManager import from vod_proxy/views.py, the unscheduled cleanup_vod_connections task from apps/proxy/tasks.py, and the unscheduled cleanup_vod_persistent_connections task from core/tasks.py. 2026-04-09 19:59:50 -05:00
tests.py fix: pass TLS parameters to all external connection points in modular mode 2026-03-30 20:19:27 -05:00
urls.py Pre-Alpha v4 2025-02-24 15:04:03 -06:00
utils.py security: Fixed path traversal vulnerability in file uploads. The M3U account upload (apps/m3u/api_views.py), logo upload (apps/channels/api_views.py), and backup upload (apps/backups/api_views.py) all used the uploaded filename directly without sanitization. os.path.join() discards all preceding components when it encounters an absolute path segment, and pathlib's / operator behaves identically; a relative ../ sequence also escapes via OS path resolution at open() time. All three upload paths now strip directory components via Path(name).name and validate the resolved path remains within the intended upload directory. Exploiting any of these required admin credentials. 2026-04-09 21:32:36 -05:00
views.py Bug Fix: M3U profile URL rewriting now uses the regex module instead of re across all URL transform code paths (url_utils.transform_url, core/views.py, vod_proxy/_transform_url, tasks.get_transformed_credentials, and the WebSocket live-preview handler in consumers.py). The regex module natively accepts JavaScript/PCRE-style named capture groups ((?<name>...)) without any conversion, eliminating the root cause of patterns that matched in the frontend live preview but failed on the backend with a re.error. As a further improvement, regex also supports variable-length lookbehind assertions (e.g. (?<=a+)), which re rejects with an error; patterns using these will now work correctly on the backend as well. Replace-pattern JS tokens are still normalised before calling regex.sub: $<name>\g<name> and $1/$2/… → \1/\2/… (Python replacement syntax). Also fixed a bug in the WebSocket preview handler where a pattern error was incorrectly returning the search pattern string as the preview output instead of the original URL. (Fixes #1005) 2026-03-29 17:55:08 -05:00
xtream_codes.py fleshed out user limits and termination logic 2026-03-25 17:33:26 -04:00