Changeset

2731:d48faff92490

mod_http_upload: Remove MIME type restrictions and checking (fixes #958)
author Kim Alvefur <zash@zash.se>
date Sat, 22 Jul 2017 23:14:13 +0200 (2017-07-22)
parents 2730:cd828b1cb5b9
children 2732:b1c5b0c369c2
files mod_http_upload/README.markdown mod_http_upload/mod_http_upload.lua
diffstat 2 files changed, 3 insertions(+), 37 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_upload/README.markdown	Sun Jul 16 19:29:05 2017 +0100
+++ b/mod_http_upload/README.markdown	Sat Jul 22 23:14:13 2017 +0200
@@ -55,14 +55,6 @@
 http_upload_quota = 1234 -- bytes
 ```
 
-### File types
-
-Accepted file types can be limited by MIME type:
-
-``` lua
-http_upload_allowed_file_types = { "image/*", "text/plain" }
-```
-
 Path
 ----
 
--- a/mod_http_upload/mod_http_upload.lua	Sun Jul 16 19:29:05 2017 +0100
+++ b/mod_http_upload/mod_http_upload.lua	Sat Jul 22 23:14:13 2017 +0200
@@ -31,7 +31,6 @@
 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB
 local quota = module:get_option_number(module.name .. "_quota");
 local max_age = module:get_option_number(module.name .. "_expire_after");
-local allowed_file_types = module:get_option_set(module.name .. "_allowed_file_types");
 
 --- sanity
 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024);
@@ -46,7 +45,6 @@
 module:depends("disco");
 
 local http_files = module:depends("http_files");
-local mime_map = module:shared("/*/http_files/mime").types;
 
 -- namespaces
 local namespace = "urn:xmpp:http:upload:0";
@@ -110,7 +108,7 @@
 	return sum < quota;
 end
 
-local function handle_request(origin, stanza, xmlns, filename, filesize, mimetype)
+local function handle_request(origin, stanza, xmlns, filename, filesize)
 	local username, host = origin.username, origin.host;
 	-- local clients only
 	if origin.type ~= "c2s" then
@@ -141,28 +139,6 @@
 		return true;
 	end
 
-	if mime_map then
-		local file_ext = filename:match("%.([^.]+)$");
-		if not mimetype then
-			mimetype = "application/octet-stream";
-			if file_ext then
-				mimetype = mime_map[file_ext] or mimetype;
-			end
-		else
-			if (not file_ext and mimetype ~= "application/octet-stream") or (file_ext and mime_map[file_ext] ~= mimetype) then
-				origin.send(st.error_reply(stanza, "modify", "bad-request", "MIME type does not match file extension"));
-				return true;
-			end
-		end
-	end
-
-	if allowed_file_types then
-		if not (allowed_file_types:contains(mimetype) or allowed_file_types:contains(mimetype:gsub("/.*", "/*"))) then
-			origin.send(st.error_reply(stanza, "cancel", "not-allowed", "File type not allowed"));
-			return true;
-		end
-	end
-
 	local reply = st.reply(stanza);
 	reply:tag("slot", { xmlns = xmlns });
 
@@ -207,8 +183,7 @@
 	local request = stanza.tags[1];
 	local filename = request.attr.filename;
 	local filesize = tonumber(request.attr.size);
-	local mimetype = request.attr["content-type"];
-	return handle_request(origin, stanza, namespace, filename, filesize, mimetype);
+	return handle_request(origin, stanza, namespace, filename, filesize);
 end);
 
 module:hook("iq/host/"..legacy_namespace..":request", function (event)
@@ -216,8 +191,7 @@
 	local request = stanza.tags[1];
 	local filename = request:get_child_text("filename");
 	local filesize = tonumber(request:get_child_text("size"));
-	local mimetype = request:get_child_text("content-type");
-	return handle_request(origin, stanza, legacy_namespace, filename, filesize, mimetype);
+	return handle_request(origin, stanza, legacy_namespace, filename, filesize);
 end);
 
 -- http service