mirror of https://github.com/dutchcoders/transfer.sh.git synced 2020-11-18 19:53:40 -08:00

Allow uppercasing and less rigide sanitizing of filenames, fixes #10

Remco 2017-03-23 11:46:59 +01:00
parent 964e8c92d7
commit 45bafbe48f
3 changed files with 12 additions and 12 deletions


@ -32,19 +32,17 @@ import (
"io" "io"
"log" "log"
"net/http" "net/http"
"path/filepath"
"time" "time"
clamd "github.com/dutchcoders/go-clamd" clamd "github.com/dutchcoders/go-clamd"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/kennygrant/sanitize"
) )
func (s *Server) scanHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) scanHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
filename := sanitize.Path(filepath.Base(vars["filename"])) filename := sanitize(vars["filename"])
contentLength := r.ContentLength contentLength := r.ContentLength
contentType := r.Header.Get("Content-Type") contentType := r.Header.Get("Content-Type")


@ -55,7 +55,6 @@ import (
web "github.com/dutchcoders/transfer.sh-web" web "github.com/dutchcoders/transfer.sh-web"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/kennygrant/sanitize"
"github.com/russross/blackfriday" "github.com/russross/blackfriday"
) )
@ -190,6 +189,10 @@ func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, http.StatusText(404), 404) http.Error(w, http.StatusText(404), 404)
} }
func sanitize(fileName string) string {
return path.Clean(path.Base(fileName))
}
func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {
if err := r.ParseMultipartForm(_24K); nil != err { if err := r.ParseMultipartForm(_24K); nil != err {
log.Printf("%s", err.Error()) log.Printf("%s", err.Error())
@ -203,7 +206,7 @@ func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {
for _, fheaders := range r.MultipartForm.File { for _, fheaders := range r.MultipartForm.File {
for _, fheader := range fheaders { for _, fheader := range fheaders {
filename := sanitize.Path(filepath.Base(fheader.Filename)) filename := sanitize(fheader.Filename)
contentType := fheader.Header.Get("Content-Type") contentType := fheader.Header.Get("Content-Type")
if contentType == "" { if contentType == "" {
@ -271,7 +274,7 @@ func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {
func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
filename := sanitize.Path(filepath.Base(vars["filename"])) filename := sanitize(vars["filename"])
contentLength := r.ContentLength contentLength := r.ContentLength
@ -395,7 +398,7 @@ func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {
key = strings.Replace(key, "\\", "/", -1) key = strings.Replace(key, "\\", "/", -1)
token := strings.Split(key, "/")[0] token := strings.Split(key, "/")[0]
filename := sanitize.Path(strings.Split(key, "/")[1]) filename := sanitize(strings.Split(key, "/")[1])
reader, _, _, err := s.storage.Get(token, filename) reader, _, _, err := s.storage.Get(token, filename)
@ -466,7 +469,7 @@ func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {
key = strings.Replace(key, "\\", "/", -1) key = strings.Replace(key, "\\", "/", -1)
token := strings.Split(key, "/")[0] token := strings.Split(key, "/")[0]
filename := sanitize.Path(strings.Split(key, "/")[1]) filename := sanitize(strings.Split(key, "/")[1])
reader, _, contentLength, err := s.storage.Get(token, filename) reader, _, contentLength, err := s.storage.Get(token, filename)
if err != nil { if err != nil {
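Review bot: The new `sanitize` helper in this file returns `.`, `..` and `/` unchanged, because `path.Base` yields exactly those values for empty, dot-only or slash-only input and `path.Clean` leaves them as they are; it also treats only `/` as a separator, so a backslash in an upload name is now kept where `filepath.Base` plus `sanitize.Path` previously normalised it. Every handler touched by this commit (scanHandler, postHandler, putHandler, zipHandler, tarGzHandler, virusTotalHandler) now takes its file name from this helper, and zipHandler/tarGzHandler pass it straight to `s.storage.Get(token, filename)`; if the storage backend joins token and filename into a filesystem path (not visible here), a name of `..` would resolve outside the token directory. I would normalise and reject inside the helper, e.g. `name := path.Base(strings.Replace(fileName, "\\", "/", -1))` followed by `if name == "." || name == ".." || name == "/" { name = "_" }`, and add a doc comment stating that the result is a single path element that may still contain spaces, quotes and control characters, so callers must escape it before writing it into response headers or HTML. A table test over `""`, `"."`, `".."`, `"/"`, `"a/../.."` and `"..\\x"` would pin that contract; the handler bodies continue outside the hunks shown, so how the name is consumed downstream should be confirmed there.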


@ -29,18 +29,17 @@ import (
"io" "io"
"log" "log"
"net/http" "net/http"
"path/filepath"
_ "github.com/PuerkitoBio/ghost/handlers" _ "github.com/PuerkitoBio/ghost/handlers"
"github.com/dutchcoders/go-virustotal"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/kennygrant/sanitize"
virustotal "github.com/dutchcoders/go-virustotal"
) )
func (s *Server) virusTotalHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) virusTotalHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r) vars := mux.Vars(r)
filename := sanitize.Path(filepath.Base(vars["filename"])) filename := sanitize(vars["filename"])
contentLength := r.ContentLength contentLength := r.ContentLength
contentType := r.Header.Get("Content-Type") contentType := r.Header.Get("Content-Type")