
add whitelist mode and fix clipboard glyph

remotes/r4jeshwar/master v1.2.0
Go Johansson 1 year ago
parent
commit
5e56fb981a
  1. 2
      dist.json
  2. 2
      package.json
  3. 2
      static/css/uguu.css
  4. 16
      static/php/includes/settings.inc.php
  5. 39
      static/php/upload.php

2
dist.json

@ -3,7 +3,7 @@
"allowErrors": false
},
"dest": "dist",
"pkgVersion": "1.1.2",
"pkgVersion": "1.2.0",
"banners": [
"banners/malware_scans.swig",
"banners/donations.swig"

2
package.json

@ -1,6 +1,6 @@
{
"name": "uguu",
"version": "1.1.2",
"version": "1.2.0",
"description": "Kawaii file host",
"homepage": "https://uguu.se/",
"repository": {

2
static/css/uguu.css

@ -232,7 +232,7 @@ nav > ul > li:last-child:after {
color: #891A18;
}
button.upload-clipboard-btn {
height: 16px;
height: 32px;
}
.error#upload-filelist .progress-percent {
color: #B94A48;

16
static/php/includes/settings.inc.php

@ -25,10 +25,14 @@ define('UGUU_DB_USER', 'NULL');
/* @param string UGUU_DB_PASS Database password */
define('UGUU_DB_PASS', 'NULL');
/** Log IP of uploads */
/**
* @param boolean Log IP of uploads
*/
define('LOG_IP', false);
/** Dont upload a file already in the DB */
/**
* @param boolean anti-dupe
*/
define('ANTI_DUPE', false);
/*
@ -78,11 +82,11 @@ define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat'
define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
/**
* Filter mode: whitelist (true) or blacklist (false).
*
* @param bool $FILTER_MODE mime type filter mode
* Whitelist or blacklist mode
* @param boolean blacklist (false) | whitelist (true)
*/
$FILTER_MODE = false;
define('CONFIG_FILTER_MODE', false);
/**
* Double dot file extensions.
*
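Review bot: The new CONFIG_FILTER_MODE docblock does not say which lists whitelist mode reads, and that matters here: the `case true` branch added in static/php/upload.php tests `!in_array(...)` against CONFIG_BLOCKED_MIME and CONFIG_BLOCKED_EXTENSIONS, the same constants defined just above this define. With the values visible in this hunk, setting the flag to true would accept only the types currently listed for blocking (`exe`, `scr`, `application/x-dosexec`, …) and reject everything else. I would add to the docblock `* In whitelist mode CONFIG_BLOCKED_MIME and CONFIG_BLOCKED_EXTENSIONS are used as the allowed lists; replace their contents before setting this to true.`, and longer term give whitelist mode its own separately named constants so one flag cannot invert the meaning of a deny list.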

39
static/php/upload.php

@ -61,15 +61,34 @@ function generateName($file)
$name .= '.'.$ext;
}
//Check if MIME is blacklisted
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
exit(0);
}
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
exit(0);
// Check if file is whitelisted or blacklisted
switch (CONFIG_FILTER_MODE) {
case false:
//check if MIME is blacklisted
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
exit(0);
}
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
exit(0);
}
break;
case true:
//Check if MIME is whitelisted
if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
exit(0);
}
//Check if EXT is whitelisted
if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
exit(0);
}
break;
}
// Check if a file with the same name does already exist in the database
@ -93,8 +112,6 @@ function generateName($file)
function uploadFile($file)
{
global $db;
global $FILTER_MODE;
global $FILTER_MIME;
// Handle file errors
if ($file->error) {
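Review bot: Both branches of the new switch call `in_array` without the strict flag and on `$ext` / `$type_mime` exactly as they arrive; nothing in the hunk shows them being lower-cased, so in blacklist mode a differently cased extension may not match the list (the assignments are above the hunk, so confirm there). I would compare normalised values strictly, e.g. `in_array(strtolower($ext), unserialize(CONFIG_BLOCKED_EXTENSIONS), true)`, and the same for the MIME check. A `switch` over a boolean with `case false:` / `case true:` is also harder to read than `if (CONFIG_FILTER_MODE) { … } else { … }`, and since the two branches differ only by a negation a single shared check would do. generateName starts before this hunk and uploadFile continues past its last line.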
