
support for blacklist & fix for make

This version introduces support for a blacklist DB, along with other changes needed to work with the Moe Panel once it is released.

You NEED to use the new DB schema for this version to work!

Also fixes wrong name for layout_index.swig
remotes/r4jeshwar/master v1.3.0
Go Johansson 11 months ago
parent
commit
d0b9cbdcac
  1. 2
      dist.json
  2. 26
      mysql_schema.sql
  3. 2
      package.json
  4. 12
      sqlite_schema.sql
  5. 6
      static/php/includes/settings.inc.php
  6. 40
      static/php/upload.php
  7. 0
      templates/layout_index.swig

2
dist.json

@ -3,7 +3,7 @@
"allowErrors": false
},
"dest": "dist",
"pkgVersion": "1.2.0",
"pkgVersion": "1.3.0",
"banners": [
"banners/malware_scans.swig",
"banners/donations.swig"

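--- a/mysql_schema.sql
+++ b/mysql_schema.sql
@@ -0,0 +1,26 @@
+CREATE TABLE `files` (
+`id` int(20) unsigned NOT NULL auto_increment,
+`hash` char(40) DEFAULT NULL,
+`originalname` varchar(255) default NULL,
+`filename` varchar(30) default NULL,
+`size` int(15) DEFAULT NULL,
+`date` int(15) DEFAULT NULL,
+`ip` char(15) DEFAULT NULL,
+PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+CREATE TABLE `accounts` (
+`id` int(20) unsigned NOT NULL auto_increment,
+`email` varchar(255) default NULL,
+`pass` varchar(255) default NULL,
+`level` int(15) DEFAULT NULL,
+PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+CREATE TABLE `blacklist` (
+`id` int(20) unsigned NOT NULL auto_increment,
+`hash` char(40) DEFAULT NULL,
+`originalname` varchar(255) default NULL,
+`time` int(15) DEFAULT NULL,
+PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;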
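Review bot: The `hash` column of the new `blacklist` table has no index and no uniqueness constraint, although upload.php in this commit looks it up on every upload when BLACKLIST_DB is on. Each check is therefore a table scan and the same digest can be listed more than once; adding `UNIQUE KEY blacklist_hash (hash)` covers both, and the `blacklist` table in sqlite_schema.sql has the same gap. Separately, `ip` char(15) in `files` only fits a dotted IPv4 address, so an IPv6 client address is truncated or rejected depending on the SQL mode, which weakens the upload log for abuse handling; `varchar(45)` holds either family. Because `hash` is char(40), the match is on an exact SHA-1 digest and a listed file changed by one byte is not caught, so the docs should say the blacklist complements the MIME/extension filter rather than replaces it.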

2
package.json

@ -1,6 +1,6 @@
{
"name": "uguu",
"version": "1.2.0",
"version": "1.3.0",
"description": "Kawaii file host",
"homepage": "https://uguu.se/",
"repository": {

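--- a/sqlite_schema.sql
+++ b/sqlite_schema.sql
@@ -10,4 +10,16 @@ CREATE TABLE `files` (
 , `date` integer default NULL
 , `ip` char(15) default NULL
 );
+CREATE TABLE `accounts` (
+`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
+, `email` varchar(255) default NULL
+, `pass` varchar(255) default NULL
+, `level` integer default NULL
+);
+CREATE TABLE `blacklist` (
+`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
+, `hash` char(40) default NULL
+, `originalname` varchar(255) default NULL
+, `time` integer default NULL
+);
 END TRANSACTION;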
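Review bot: The new `accounts` table allows `email` and `pass` to be NULL and puts no UNIQUE constraint on `email`, so nothing at the schema level prevents two rows for one address or a row with no credential. Declaring `email varchar(255) NOT NULL UNIQUE` and `pass varchar(255) NOT NULL` would make a login lookup unambiguous; mysql_schema.sql defines the table the same way. No code in this commit writes to `accounts`, so how `pass` is filled is not visible here; it should only ever hold a `password_hash()` result, and a one-line schema comment saying so would help whoever wires up the panel. The hunk starts inside the `files` table definition, whose opening lines are outside it.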

6
static/php/includes/settings.inc.php

@ -35,6 +35,12 @@ define('LOG_IP', false);
*/
define('ANTI_DUPE', false);
/**
* @param boolean blacklist DB
* ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA!
*/
define('BLACKLIST_DB', false);
/*
* File system location where to store uploaded files
*

40
static/php/upload.php

@ -61,6 +61,22 @@ function generateName($file)
$name .= '.'.$ext;
}
// Check if the file is blacklisted
if(BLACKLIST_DB){
$q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new Exception(
'File blacklisted!',
415
);
exit(0);
}
}
// Check if file is whitelisted or blacklisted
switch (CONFIG_FILTER_MODE) {
@ -68,12 +84,20 @@ function generateName($file)
//check if MIME is blacklisted
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
exit(0);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
exit(0);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
break;
@ -81,12 +105,20 @@ function generateName($file)
//Check if MIME is whitelisted
if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
exit(0);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
//Check if EXT is whitelisted
if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
exit(0);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
break;
}
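Review bot: In the blacklist block, and as far as the rendered page shows in the MIME/extension branches below it, `exit(0);` directly after `throw new Exception(...)` can never run and should be dropped. Rejection now depends entirely on a caller catching the exception, and generateName's callers are outside these hunks. Confirm the catch site stops the upload before the file is stored and returns only the message, since an uncaught exception with display_errors enabled would print a stack trace and file paths to the client. `$db` is used inside generateName() with no `global $db;` or parameter visible in the hunk; if it is not in scope, prepare() fails before any check is made (the start of the function is outside the hunk). The query can be reduced to `SELECT COUNT(*) AS count FROM blacklist WHERE hash = :hash`, because selecting the bare `hash` column next to the aggregate adds nothing.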

0
templates/layout index.swig → templates/layout_index.swig
