From 4d582062fba09f69fb40658fbe02b4f527dc46af Mon Sep 17 00:00:00 2001
From: Nicolas Mowen
Date: Tue, 14 Oct 2025 15:29:20 -0600
Subject: [PATCH] Ensure that a user must provide an image in an expected location (#20491)

* Ensure that a user must provide an image in an expected location

* Use const

---
 frigate/api/export.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/frigate/api/export.py b/frigate/api/export.py
index 160434c68..44ec05c15 100644
--- a/frigate/api/export.py
+++ b/frigate/api/export.py
@@ -8,6 +8,7 @@ from pathlib import Path
 import psutil
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import JSONResponse
+from pathvalidate import sanitize_filepath
 from peewee import DoesNotExist
 from playhouse.shortcuts import model_to_dict
 
@@ -15,7 +16,7 @@ from frigate.api.auth import require_role
 from frigate.api.defs.request.export_recordings_body import ExportRecordingsBody
 from frigate.api.defs.request.export_rename_body import ExportRenameBody
 from frigate.api.defs.tags import Tags
-from frigate.const import EXPORT_DIR
+from frigate.const import CLIPS_DIR, EXPORT_DIR
 from frigate.models import Export, Previews, Recordings
 from frigate.record.export import (
     PlaybackFactorEnum,
@@ -54,7 +55,14 @@ def export_recording(
     playback_factor = body.playback
     playback_source = body.source
     friendly_name = body.name
-    existing_image = body.image_path
+    existing_image = sanitize_filepath(body.image_path) if body.image_path else None
+
+    # Ensure that existing_image is a valid path
+    if existing_image and not existing_image.startswith(CLIPS_DIR):
+        return JSONResponse(
+            content=({"success": False, "message": "Invalid image path"}),
+            status_code=400,
+        )
 
     if playback_source == "recordings":
         recordings_count = (
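Review bot: The containment check in the third hunk, `existing_image.startswith(CLIPS_DIR)`, is a plain string-prefix test, so a user-supplied path that begins with the clips directory but escapes it still passes: `CLIPS_DIR + "/../../etc/passwd"` if `sanitize_filepath` leaves `..` segments in place (it removes invalid characters; whether it collapses `..` depends on the pathvalidate version and its `normalize` option, so this should not be relied on), and a sibling directory such as `CLIPS_DIR + "-other/x"` when `CLIPS_DIR` has no trailing separator. A symlink inside the clips directory pointing elsewhere would also pass. The robust form resolves the path first (`Path` is already imported at the top of this file) and tests that the resolved clips root is one of its parents, then carries the resolved string forward so later code cannot re-open the unresolved one; whether a further `is_file()` check is wanted depends on how `existing_image` is consumed, which is outside the hunk. `export_recording` starts before this hunk and continues past it.
```python
    existing_image = sanitize_filepath(body.image_path) if body.image_path else None

    # Resolve symlinks and ".." before the containment test; a string prefix
    # check alone accepts "<CLIPS_DIR>/../x" and "<CLIPS_DIR>-other/x".
    if existing_image:
        clips_root = Path(CLIPS_DIR).resolve()
        resolved = Path(existing_image).resolve()
        if clips_root not in resolved.parents:
            return JSONResponse(
                content=({"success": False, "message": "Invalid image path"}),
                status_code=400,
            )
        existing_image = str(resolved)
    # … unchanged: playback_source handling …
```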