From d0b9cbdcac9205db12875eadf279966aeec09981 Mon Sep 17 00:00:00 2001 From: nokonoko Date: Sun, 4 Jul 2021 13:19:35 +0200 Subject: [PATCH] support for blacklist & fix for make This version introduces support for a blacklist DB and other changes as to work when the Moe Panel is released. You NEED to use the new DB schema for this version to work! Also fixes wrong name for layout_index.swig
---
 dist.json | 2 +- mysql_schema.sql | 26 ++++++++++++ package.json | 2 +- sqlite_schema.sql | 12 ++++++ static/php/includes/settings.inc.php | 6 +++ static/php/upload.php | 40 +++++++++++++++++-- .../{layout index.swig => layout_index.swig} | 0 7 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 mysql_schema.sql rename templates/{layout index.swig => layout_index.swig} (100%)
diff --git a/dist.json b/dist.json
index d6e30db..5a8dd91 100644
--- a/dist.json
+++ b/dist.json
@@ -3,7 +3,7 @@
 "allowErrors": false
 },
 "dest": "dist",
- "pkgVersion": "1.2.0",
+ "pkgVersion": "1.3.0",
 "banners": [
 "banners/malware_scans.swig",
 "banners/donations.swig"
diff --git a/mysql_schema.sql b/mysql_schema.sql
new file mode 100644
index 0000000..4300534
--- /dev/null
+++ b/mysql_schema.sql
@@ -0,0 +1,26 @@
+CREATE TABLE `files` (
+ `id` int(20) unsigned NOT NULL auto_increment,
+ `hash` char(40) DEFAULT NULL,
+ `originalname` varchar(255) default NULL,
+ `filename` varchar(30) default NULL,
+ `size` int(15) DEFAULT NULL,
+ `date` int(15) DEFAULT NULL,
+ `ip` char(15) DEFAULT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE `accounts` (
+ `id` int(20) unsigned NOT NULL auto_increment,
+ `email` varchar(255) default NULL,
+ `pass` varchar(255) default NULL,
+ `level` int(15) DEFAULT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE `blacklist` (
+ `id` int(20) unsigned NOT NULL auto_increment,
+ `hash` char(40) DEFAULT NULL,
+ `originalname` varchar(255) default NULL,
+ `time` int(15) DEFAULT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
\ No newline at end of file
diff --git a/package.json b/package.json
index 48c2871..a04b17e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "uguu",
- "version": "1.2.0",
+ "version": "1.3.0",
 "description": "Kawaii file host",
 "homepage": "https://uguu.se/",
 "repository": {
diff --git a/sqlite_schema.sql b/sqlite_schema.sql
index db3b7ee..810f69f 100644
--- a/sqlite_schema.sql
+++ b/sqlite_schema.sql
@@ -10,4 +10,16 @@ CREATE TABLE `files` (
 , `date` integer default NULL
 , `ip` char(15) default NULL
 );
+CREATE TABLE `accounts` (
+ `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
+, `email` varchar(255) default NULL
+, `pass` varchar(255) default NULL
+, `level` integer default NULL
+);
+CREATE TABLE `blacklist` (
+ `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
+, `hash` char(40) default NULL
+, `originalname` varchar(255) default NULL
+, `time` integer default NULL
+);
 END TRANSACTION;
diff --git a/static/php/includes/settings.inc.php b/static/php/includes/settings.inc.php
index 58e9738..d378931 100644
--- a/static/php/includes/settings.inc.php
+++ b/static/php/includes/settings.inc.php
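Review bot: The `hash` column of the new `blacklist` table in mysql_schema.sql has neither an index nor a uniqueness constraint, although the upload.php change in this commit looks a row up by hash on every upload once `BLACKLIST_DB` is enabled; the `blacklist` table added in sqlite_schema.sql has the same gap. Adding `UNIQUE KEY blacklist_hash (hash)` to the MySQL definition, and `CREATE UNIQUE INDEX blacklist_hash ON blacklist (hash);` for SQLite, keeps the lookup indexed and stops the same hash being listed twice. Separately, `ip char(15)` in `files` only fits a dotted IPv4 address, so an IPv6 client address would presumably be truncated or rejected when IP logging is on, which weakens abuse tracing; `varchar(45)` holds both forms.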
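Review bot: The `accounts` table added in the sqlite_schema.sql hunk (and in mysql_schema.sql) does not document what `pass` is meant to hold and places no uniqueness on `email`. Nothing in this commit writes to the table, so this is a documentation request rather than a defect: add a schema comment such as `-- pass: output of password_hash(), never the plaintext password`. Declaring `email` as `UNIQUE` would also stop two rows claiming the same login.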
@@ -35,6 +35,12 @@ define('LOG_IP', false); */ define('ANTI_DUPE', false); +/** + * @param boolean blacklist DB + * ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA! + */ +define('BLACKLIST_DB', false); + /* * File system location where to store uploaded files * diff --git a/static/php/upload.php b/static/php/upload.php index 9448151..2f1679b 100644 --- a/static/php/upload.php +++ b/static/php/upload.php @@ -61,6 +61,22 @@ function generateName($file) $name .= '.'.$ext; } + // Check if the file is blacklisted + if(BLACKLIST_DB){ + $q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)'); + $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); + $q->execute(); + $result = $q->fetch(); + if ($result['count'] > 0) { + http_response_code(415); + throw new Exception( + 'File blacklisted!', + 415 + ); + exit(0); + } + } + // Check if file is whitelisted or blacklisted switch (CONFIG_FILTER_MODE) { @@ -68,12 +84,20 @@ function generateName($file) //check if MIME is blacklisted if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { http_response_code(415); - exit(0); + throw new Exception( + 'File type not allowed!', + 415 + ); + exit(0); } //Check if EXT is blacklisted if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { http_response_code(415); - exit(0); + throw new Exception( + 'File type not allowed!', + 415 + ); + exit(0); } break; @@ -81,12 +105,20 @@ function generateName($file) //Check if MIME is whitelisted if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { http_response_code(415); - exit(0); + throw new Exception( + 'File type not allowed!', + 415 + ); + exit(0); } //Check if EXT is whitelisted if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { http_response_code(415); - exit(0); + throw new Exception( + 'File type not allowed!', + 415 + ); + exit(0); } break; } 
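Review bot: The docblock added above `BLACKLIST_DB` in settings.inc.php has a typo ("ENABLE THIS IS YOU" for "ENABLE THIS IF YOU") and does not say what the switch does. I would word it as `* @param boolean BLACKLIST_DB reject uploads whose SHA-1 is listed in the blacklist table` followed by `* ONLY ENABLE THIS IF YOU ARE USING THE LATEST DB SCHEMA!`. It is also worth stating there that with the default `false` no blacklist lookup is made at all, so an operator who populates the table without flipping the setting gets no filtering.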
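Review bot: The blacklist lookup added in the first upload.php hunk can fail open: if the PDO handle is not in exception mode (that is configured outside this hunk), a failed `execute()` makes `fetch()` return false, `$result['count'] > 0` is then false, and the upload is accepted. A lookup that cannot run should be treated as a rejection, and `SELECT COUNT(*)` alone is enough because the selected `hash` is never read. The `exit(0);` after each `throw` is unreachable, here and in the two filter-mode hunks that follow, and can be dropped. `generateName` starts and ends outside the hunk, so how `$db` reaches this scope and which caller catches the exception is not visible.

```php
    if (BLACKLIST_DB) {
        $q = $db->prepare('SELECT COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
        // Fail closed: a lookup that cannot run must not let the upload through.
        if ($q === false
            || !$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR)
            || !$q->execute()
            || ($result = $q->fetch()) === false) {
            throw new Exception('Blacklist lookup failed', 500);
        }
        if ((int) $result['count'] > 0) {
            // … unchanged: http_response_code(415) and throw 'File blacklisted!' …
        }
    }
```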
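Review bot: In the whitelist branch (third upload.php hunk) the allow decision still reads `CONFIG_BLOCKED_MIME` and `CONFIG_BLOCKED_EXTENSIONS`, so the same constants act as a deny list or an allow list depending on `CONFIG_FILTER_MODE`. Since the commit rewrites the bodies of these branches, a comment at the `switch` would keep an operator from changing the mode without rewriting the lists, for example `// NOTE: in whitelist mode CONFIG_BLOCKED_* hold the ALLOWED MIME types and extensions`. The `in_array` calls in both branches are non-strict; passing `true` as the third argument avoids loose type matches. The `case` labels lie outside the hunks, so the mode names are inferred from the inline comments.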
diff --git a/templates/layout index.swig b/templates/layout_index.swig
similarity index 100%
rename from templates/layout index.swig
rename to templates/layout_index.swig