Soper/sugoi
1
0
Fork 0
forked from gitbot/uguu
Code Issues Pull Requests 1 Projects Releases Wiki Activity

support for blacklist & fix for make

Browse Source 
This version introduces support for a blacklist DB and other changes as to work when the Moe Panel is released.

You NEED to use the new DB schema for this version to work!

Also fixes wrong name for layout_index.swig
This commit is contained in:
nokonoko 2021-07-04 13:19:35 +02:00
parent 5e56fb981a
commit d0b9cbdcac
7 changed files with 82 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dist.json
View File

@ -3,7 +3,7 @@
"allowErrors": false "allowErrors": false
}, },
"dest": "dist", "dest": "dist",
"pkgVersion": "1.2.0", "pkgVersion": "1.3.0",
"banners": [ "banners": [
"banners/malware_scans.swig", "banners/malware_scans.swig",
"banners/donations.swig" "banners/donations.swig"

26
mysql_schema.sql Normal file
View File

@ -0,0 +1,26 @@
CREATE TABLE `files` (
`id` int(20) unsigned NOT NULL auto_increment,
`hash` char(40) DEFAULT NULL,
`originalname` varchar(255) default NULL,
`filename` varchar(30) default NULL,
`size` int(15) DEFAULT NULL,
`date` int(15) DEFAULT NULL,
`ip` char(15) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE `accounts` (
`id` int(20) unsigned NOT NULL auto_increment,
`email` varchar(255) default NULL,
`pass` varchar(255) default NULL,
`level` int(15) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE `blacklist` (
`id` int(20) unsigned NOT NULL auto_increment,
`hash` char(40) DEFAULT NULL,
`originalname` varchar(255) default NULL,
`time` int(15) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "uguu", "name": "uguu",
"version": "1.2.0", "version": "1.3.0",
"description": "Kawaii file host", "description": "Kawaii file host",
"homepage": "https://uguu.se/", "homepage": "https://uguu.se/",
"repository": { "repository": {

12
sqlite_schema.sql
View File

@ -10,4 +10,16 @@ CREATE TABLE `files` (
, `date` integer default NULL , `date` integer default NULL
, `ip` char(15) default NULL , `ip` char(15) default NULL
); );
CREATE TABLE `accounts` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
, `email` varchar(255) default NULL
, `pass` varchar(255) default NULL
, `level` integer default NULL
);
CREATE TABLE `blacklist` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
, `hash` char(40) default NULL
, `originalname` varchar(255) default NULL
, `time` integer default NULL
);
END TRANSACTION; END TRANSACTION;

6
static/php/includes/settings.inc.php
View File

@ -35,6 +35,12 @@ define('LOG_IP', false);
*/ */
define('ANTI_DUPE', false); define('ANTI_DUPE', false);
/**
* @param boolean blacklist DB
* ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA!
*/
define('BLACKLIST_DB', false);
/* /*
* File system location where to store uploaded files * File system location where to store uploaded files
* *

40
static/php/upload.php
View File

@ -61,6 +61,22 @@ function generateName($file)
$name .= '.'.$ext; $name .= '.'.$ext;
} }
// Check if the file is blacklisted
if(BLACKLIST_DB){
$q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new Exception(
'File blacklisted!',
415
);
exit(0);
}
}
// Check if file is whitelisted or blacklisted // Check if file is whitelisted or blacklisted
switch (CONFIG_FILTER_MODE) { switch (CONFIG_FILTER_MODE) {
@ -68,12 +84,20 @@ function generateName($file)
//check if MIME is blacklisted //check if MIME is blacklisted
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415); http_response_code(415);
exit(0); throw new Exception(
'File type not allowed!',
415
);
exit(0);
} }
//Check if EXT is blacklisted //Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415); http_response_code(415);
exit(0); throw new Exception(
'File type not allowed!',
415
);
exit(0);
} }
break; break;
@ -81,12 +105,20 @@ function generateName($file)
//Check if MIME is whitelisted //Check if MIME is whitelisted
if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415); http_response_code(415);
exit(0); throw new Exception(
'File type not allowed!',
415
);
exit(0);
} }
//Check if EXT is whitelisted //Check if EXT is whitelisted
if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415); http_response_code(415);
exit(0); throw new Exception(
'File type not allowed!',
415
);
exit(0);
} }
break; break;
} }

0
templates/layout index.swig → templates/layout_index.swig
View File