support for blacklist & fix for make

This version introduces support for a blacklist DB and other changes as to work when the Moe Panel is released.

You NEED to use the new DB schema for this version to work!

Also fixes wrong name for layout_index.swig
This commit is contained in:
nokonoko 2021-07-04 13:19:35 +02:00
parent 5e56fb981a
commit d0b9cbdcac
7 changed files with 82 additions and 6 deletions

View File

@ -3,7 +3,7 @@
"allowErrors": false
},
"dest": "dist",
"pkgVersion": "1.2.0",
"pkgVersion": "1.3.0",
"banners": [
"banners/malware_scans.swig",
"banners/donations.swig"

26
mysql_schema.sql Normal file
View File

@ -0,0 +1,26 @@
CREATE TABLE `files` (
`id` int(20) unsigned NOT NULL auto_increment,
`hash` char(40) DEFAULT NULL,
`originalname` varchar(255) default NULL,
`filename` varchar(30) default NULL,
`size` int(15) DEFAULT NULL,
`date` int(15) DEFAULT NULL,
`ip` char(15) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE `accounts` (
`id` int(20) unsigned NOT NULL auto_increment,
`email` varchar(255) default NULL,
`pass` varchar(255) default NULL,
`level` int(15) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
CREATE TABLE `blacklist` (
`id` int(20) unsigned NOT NULL auto_increment,
`hash` char(40) DEFAULT NULL,
`originalname` varchar(255) default NULL,
`time` int(15) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

View File

@ -1,6 +1,6 @@
{
"name": "uguu",
"version": "1.2.0",
"version": "1.3.0",
"description": "Kawaii file host",
"homepage": "https://uguu.se/",
"repository": {

View File

@ -10,4 +10,16 @@ CREATE TABLE `files` (
, `date` integer default NULL
, `ip` char(15) default NULL
);
CREATE TABLE `accounts` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
, `email` varchar(255) default NULL
, `pass` varchar(255) default NULL
, `level` integer default NULL
);
CREATE TABLE `blacklist` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
, `hash` char(40) default NULL
, `originalname` varchar(255) default NULL
, `time` integer default NULL
);
END TRANSACTION;

View File

@ -35,6 +35,12 @@ define('LOG_IP', false);
*/
define('ANTI_DUPE', false);
/**
* @param boolean blacklist DB
* ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA!
*/
define('BLACKLIST_DB', false);
/*
* File system location where to store uploaded files
*

View File

@ -61,6 +61,22 @@ function generateName($file)
$name .= '.'.$ext;
}
// Check if the file is blacklisted
if(BLACKLIST_DB){
$q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new Exception(
'File blacklisted!',
415
);
exit(0);
}
}
// Check if file is whitelisted or blacklisted
switch (CONFIG_FILTER_MODE) {
@ -68,11 +84,19 @@ function generateName($file)
//check if MIME is blacklisted
if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
break;
@ -81,11 +105,19 @@ function generateName($file)
//Check if MIME is whitelisted
if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
//Check if EXT is whitelisted
if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
break;