security fix

2016-08-24 12:18:51 +00:00 · 2016-08-24 12:18:51 +00:00 · be4fe8d240
commit be4fe8d240
parent 152bd3fe5f
3 changed files with 17 additions and 9 deletions
--- a/package.json
+++ b/package.json
@ -8,6 +8,7 @@
  "dependencies": {
    "coffea": "^0.4.24",
    "fs-extra": "^0.30.0",
+    "mime": "^1.3.4",
    "mysql": "^2.11.1",
    "node-ffprobe": "^1.2.2",
    "repl": "^0.1.3",
--- a/src/lib.js
+++ b/src/lib.js
@ -4,6 +4,7 @@ var https = require('https');
 var exec = require('child_process').exec;
 var probe = require('node-ffprobe');
 var crypto = require('crypto');
+var Mime = require('mime');

 var bot, sql, cfg;
 var debug = true;
@ -114,16 +115,21 @@ Lib.prototype.dl = (url, dest, cb) => {
            response.pipe(file);
            file.on('finish', () => {
              file.close();
-              probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
-                if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
-                  if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
-                    cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
+              var mime = Mime.lookup(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
+              if(cfg.allowedMimes.hasOwnProperty(mime)) {
+                probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
+                  if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
+                    if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
+                      cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
+                    else
+                      cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
+                  }
                  else
                    cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
-                }
-                else
-                  cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
-              });
+                });
+              }
+              else
+                cb({'status':false, 'msg':'lol, go f0ck yourself', 'type':1});
            });
            file.on('error', (err) => {
              fs.unlink(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
--- a/src/main.js
+++ b/src/main.js
@ -66,7 +66,8 @@ var trigger = {
      call: args.call,
      func: args.func,
      desc: args.desc,
-      level: args.level
+      level: args.level,
+      active: args.active
    });
  }
 };