add whitelist mode and fix clipboard glyph

2024-01-06 13:35:15 +00:00 · 2021-07-03 17:23:16 +02:00 · 2021-07-03 17:23:16 +02:00 · 5e56fb981a
commit 5e56fb981a
parent 6fb976d738
5 changed files with 41 additions and 20 deletions
--- a/dist.json
+++ b/dist.json
@ -3,7 +3,7 @@
          "allowErrors": false
        },
        "dest": "dist",
-        "pkgVersion": "1.1.2",
+        "pkgVersion": "1.2.0",
 	"banners": [
 		"banners/malware_scans.swig",
 		"banners/donations.swig"
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "uguu",
-  "version": "1.1.2",
+  "version": "1.2.0",
  "description": "Kawaii file host",
  "homepage": "https://uguu.se/",
  "repository": {
--- a/static/css/uguu.css
+++ b/static/css/uguu.css
@ -232,7 +232,7 @@ nav > ul > li:last-child:after {
  color: #891A18;
 }
 button.upload-clipboard-btn {
-  height: 16px;
+  height: 32px;
 }
 .error#upload-filelist .progress-percent {
  color: #B94A48;
--- a/static/php/includes/settings.inc.php
+++ b/static/php/includes/settings.inc.php
@ -25,10 +25,14 @@ define('UGUU_DB_USER', 'NULL');
 /* @param string UGUU_DB_PASS Database password */
 define('UGUU_DB_PASS', 'NULL');

-/** Log IP of uploads */
+/** 
+ * @param boolean Log IP of uploads 
+ */
 define('LOG_IP', false);

-/** Dont upload a file already in the DB */
+/** 
+ * @param boolean anti-dupe
+ */
 define('ANTI_DUPE', false);

 /*
@ -78,11 +82,11 @@ define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat'
 define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));

 /**
- * Filter mode: whitelist (true) or blacklist (false).
- *
- * @param bool $FILTER_MODE mime type filter mode
+ * Whitelist or blacklist mode
+ * @param boolean blacklist (false) | whitelist (true)
 */
-$FILTER_MODE = false;
+define('CONFIG_FILTER_MODE', false);
+
 /**
 * Double dot file extensions.
 *
--- a/static/php/upload.php
+++ b/static/php/upload.php
@ -61,15 +61,34 @@ function generateName($file)
            $name .= '.'.$ext;
        }

-        //Check if MIME is blacklisted
-        if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
-            http_response_code(415);
-            exit(0);
-        }
-        //Check if EXT is blacklisted
-        if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
-            http_response_code(415);
-            exit(0);
+        // Check if file is whitelisted or blacklisted
+        switch (CONFIG_FILTER_MODE) {
+
+            case false:
+                //check if MIME is blacklisted
+                if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+                //Check if EXT is blacklisted
+                if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+            break;
+
+            case true:
+                //Check if MIME is whitelisted
+                if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+                //Check if EXT is whitelisted
+                if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+            break;
        }

        // Check if a file with the same name does already exist in the database
@ -93,8 +112,6 @@ function generateName($file)
 function uploadFile($file)
 {
    global $db;
-    global $FILTER_MODE;
-    global $FILTER_MIME;

    // Handle file errors
    if ($file->error) {