Fix

- fixed the issue with the redirect being security threat

Author: Makhuta

custom_components/plex_recently_added/parser.py

@@ -19,8 +19,17 @@ def parse_library(root):
 
     return output
 
-import logging
-_LOGGER = logging.getLogger(__name__)
+def extract_metadata_and_type(path):
+    pattern = re.compile(r"/library/metadata/(\d+)/(thumb|art)/(\d+)")
+    match = pattern.search(path)
+    
+    if match:
+        metadata_id = match.group(1)
+        art_type = match.group(2)
+        art_id = match.group(3)
+        return metadata_id, art_type, art_id
+    
+    return None
 
 def parse_data(data, max, base_url, token, identifier, section_key, images_base_url, is_all = False):
     if is_all:
@@ -71,24 +80,12 @@ def parse_data(data, max, base_url, token, identifier, section_key, images_base_
         data_output["rating"] = ('\N{BLACK STAR} ' + str(item.get("rating"))) if int(float(item.get("rating", 0))) > 0 else ''
         data_output['summary'] = item.get('summary', '')
         data_output['trailer'] = item.get('trailer')
-        data_output["poster"] = (f'{images_base_url}?path={thumb}') if thumb else ""
-        data_output["fanart"] = (f'{images_base_url}?path={art}') if art else ""
+        thumb_IDs = extract_metadata_and_type(thumb)
+        data_output["poster"] = (f'{images_base_url}?metadata={thumb_IDs[0]}&thumb={thumb_IDs[2]}') if thumb_IDs else ""
+        art_IDs = extract_metadata_and_type(art)
+        data_output["fanart"] = (f'{images_base_url}?metadata={art_IDs[0]}&art={art_IDs[2]}') if art_IDs else ""
         data_output["deep_link"] = deep_link if identifier else None
 
-        _LOGGER.warn({
-            "fanart": {
-                "self": (f'{images_base_url}?path={item.get("art", None)}') if item.get("art", None) else "",
-                "grandparent": (f'{images_base_url}?path={item.get("grandparentArt", None)}') if item.get("grandparentArt", None) else "",
-                "current": (f'{images_base_url}?path={art}') if art else ""
-            },
-            "poster": {
-                "self": (f'{images_base_url}?path={item.get("thumb", None)}') if item.get("thumb", None) else "",
-                "parent": (f'{images_base_url}?path={item.get("parentThumb", None)}') if item.get("parentThumb", None) else "",
-                "grandparent": (f'{images_base_url}?path={item.get("grandparentThumb", None)}') if item.get("grandparentThumb", None) else "",
-                "current": (f'{images_base_url}?path={thumb}') if thumb else ""
-            }
-        })
-
         output.append(data_output)
 
     return output

custom_components/plex_recently_added/redirect.py

@@ -24,8 +24,10 @@ def __init__(self, config_entry: ConfigEntry):
         self.url = f'/{config_entry.data[CONF_NAME].lower() + "_" if len(config_entry.data[CONF_NAME]) > 0 else ""}plex_recently_added'
 
     async def get(self, request):
-        path = request.query.get("path", "")
-        url = f'{self._base_url}{path}?X-Plex-Token={self._token}'
+        metadataId = int(request.query.get("metadata", 0))
+        thumbId = int(request.query.get("thumb", 0))
+        artId = int(request.query.get("art", 0))
+        url = f'{self._base_url}/library/metadata/{metadataId}/{"thumb" if thumbId != 0 else "art"}/{thumbId if thumbId != 0 else artId if artId != 0 else ""}?X-Plex-Token={self._token}'
 
         async with ClientSession() as session:
             async with session.get(url) as res: