Software /
code /
prosody
Comparison
plugins/mod_http_file_share.lua @ 11319:a4b299e37909
mod_http_file_share: Reject invalid file sizes
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 27 Jan 2021 00:36:49 +0100 |
parent | 11318:3b16aba6285f |
child | 11320:817cadf6be92 |
comparison
equal
deleted
inserted
replaced
11318:3b16aba6285f | 11319:a4b299e37909 |
---|---|
46 access = { type = "auth"; condition = "forbidden" }; | 46 access = { type = "auth"; condition = "forbidden" }; |
47 filename = { type = "modify"; condition = "bad-request"; text = "Invalid filename" }; | 47 filename = { type = "modify"; condition = "bad-request"; text = "Invalid filename" }; |
48 filetype = { type = "modify"; condition = "not-acceptable"; text = "File type not allowed" }; | 48 filetype = { type = "modify"; condition = "not-acceptable"; text = "File type not allowed" }; |
49 filesize = { type = "modify"; condition = "not-acceptable"; text = "File too large"; | 49 filesize = { type = "modify"; condition = "not-acceptable"; text = "File too large"; |
50 extra = {tag = st.stanza("file-too-large", {xmlns = namespace}):tag("max-file-size"):text(tostring(file_size_limit)) }; | 50 extra = {tag = st.stanza("file-too-large", {xmlns = namespace}):tag("max-file-size"):text(tostring(file_size_limit)) }; |
51 filesizefmt = { type = "modify"; condition = "bad-request"; text = "File size must be positive integer"; } | |
51 }; | 52 }; |
52 }); | 53 }); |
53 | 54 |
54 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error | 55 function may_upload(uploader, filename, filesize, filetype) -- > boolean, error |
55 local uploader_host = jid.host(uploader); | 56 local uploader_host = jid.host(uploader); |
60 if not filename or filename:find"/" then | 61 if not filename or filename:find"/" then |
61 -- On Linux, only '/' and '\0' are invalid in filenames and NUL can't be in XML | 62 -- On Linux, only '/' and '\0' are invalid in filenames and NUL can't be in XML |
62 return false, upload_errors.new("filename"); | 63 return false, upload_errors.new("filename"); |
63 end | 64 end |
64 | 65 |
66 if not filesize or filesize < 0 or filesize % 1 ~= 0 then | |
67 return false, upload_errors.new("filesizefmt"); | |
68 end | |
65 if filesize > file_size_limit then | 69 if filesize > file_size_limit then |
66 return false, upload_errors.new("filesize"); | 70 return false, upload_errors.new("filesize"); |
67 end | 71 end |
68 | 72 |
69 if not ( file_types:empty() or file_types:contains(filetype) or file_types:contains(filetype:gsub("/.*", "/*")) ) then | 73 if not ( file_types:empty() or file_types:contains(filetype) or file_types:contains(filetype:gsub("/.*", "/*")) ) then |