ShareX
/
ShareX-Upload-Server
mirror of https://github.com/TannerReynolds/ShareX-Upload-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Resolved all users being admins. Resolved all extensions being permitted. Added a '*' for allowed extensions to return to previous behaviour if desired.

This commit is contained in:
Connor Bell (Makeshift) 2020-08-16 04:46:43 +01:00
parent 7af517546e
commit a6be536508
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/server/app.js
View File

@ -172,7 +172,7 @@ class ShareXAPI {
});
// All files in /uploads/ are publicly accessible via http
this.app.use(express.static(`${__dirname}/uploads/`, {
extensions: this.c.admin.allowed,
extensions: this.c.admin.allowed.includes("*") ? null : this.c.admin.allowed,
}));
this.app.use(express.static(`${__dirname}/views/`, {
extensions: ['css'],

13
src/server/routes/files.js
View File

@ -91,10 +91,13 @@ async function files(req, res) {
.write();
let settings;
let isAdmin = false;
fields.key !== this.c.admin.key
? settings = this.c
: settings = this.c.admin, isAdmin = true;
if (Math.round((files.fdata.size / 1024) / 1000) > settings.maxUploadSize && isAdmin === false) {
if (!this.c.admin.key.includes(fields.key)) {
settings = this.c;
} else {
settings = this.c.admin;
isAdmin = true;
}
if (Math.round((files.fdata.size / 1024) / 1000) > settings.maxUploadSize && !isAdmin) {
if (this.monitorChannel !== null) this.bot.createMessage(this.monitorChannel, `\`\`\`MARKDOWN\n[FAILED UPLOAD][USER]\n[FILE](${files.fdata.name})\n[SIZE](${Math.round(files.fdata.size / 1024)}KB)\n[TYPE](${files.fdata.type})\n[KEY](${authKey})\n[IP](${userIP})\n\n[ERROR](ERR_FILE_TOO_BIG)\`\`\``);
res.statusCode = 413;
if (usingUploader === true) {
@ -104,7 +107,7 @@ async function files(req, res) {
res.write(`${protocol}://${req.headers.host}/ERR_FILE_TOO_BIG`);
return res.end();
}
if (!this.c.allowed.includes(fileExt) && fields.key !== this.c.admin.key && isAdmin === false) {
if (!settings.allowed.some(ext => fileExt.endsWith(ext)) && !settings.allowed.includes("*")) {
if (this.monitorChannel !== null) this.bot.createMessage(this.monitorChannel, `\`\`\`MARKDOWN\n[FAILED UPLOAD][USER]\n[FILE](${files.fdata.name})\n[SIZE](${Math.round(files.fdata.size / 1024)}KB)\n[TYPE](${files.fdata.type})\n[KEY](${authKey})\n[IP](${userIP})\n\n[ERROR](ERR_ILLEGAL_FILE_TYPE)\`\`\``);
res.statusCode = 415;
if (usingUploader === true) {