security fix
		@@ -8,6 +8,7 @@
 | 
			
		||||
  "dependencies": {
 | 
			
		||||
    "coffea": "^0.4.24",
 | 
			
		||||
    "fs-extra": "^0.30.0",
 | 
			
		||||
    "mime": "^1.3.4",
 | 
			
		||||
    "mysql": "^2.11.1",
 | 
			
		||||
    "node-ffprobe": "^1.2.2",
 | 
			
		||||
    "repl": "^0.1.3",
 | 
			
		||||
 
 | 
			
		||||
							
								
								
									
										22
									
								
								src/lib.js
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@@ -4,6 +4,7 @@ var https = require('https');
 | 
			
		||||
var exec = require('child_process').exec;
 | 
			
		||||
var probe = require('node-ffprobe');
 | 
			
		||||
var crypto = require('crypto');
 | 
			
		||||
var Mime = require('mime');
 | 
			
		||||
 | 
			
		||||
var bot, sql, cfg;
 | 
			
		||||
var debug = true;
 | 
			
		||||
@@ -114,16 +115,21 @@ Lib.prototype.dl = (url, dest, cb) => {
 | 
			
		||||
            response.pipe(file);
 | 
			
		||||
            file.on('finish', () => {
 | 
			
		||||
              file.close();
 | 
			
		||||
              probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
 | 
			
		||||
                if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
 | 
			
		||||
                  if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
 | 
			
		||||
                    cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
 | 
			
		||||
              var mime = Mime.lookup(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
 | 
			
		||||
              if(cfg.allowedMimes.hasOwnProperty(mime)) {
 | 
			
		||||
                probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
 | 
			
		||||
                  if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
 | 
			
		||||
                    if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
 | 
			
		||||
                      cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
 | 
			
		||||
                    else
 | 
			
		||||
                      cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
			
		||||
                  }
 | 
			
		||||
                  else
 | 
			
		||||
                    cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
			
		||||
                }
 | 
			
		||||
                else
 | 
			
		||||
                  cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
			
		||||
              });
 | 
			
		||||
                });
 | 
			
		||||
              }
 | 
			
		||||
              else
 | 
			
		||||
                cb({'status':false, 'msg':'lol, go f0ck yourself', 'type':1});
 | 
			
		||||
            });
 | 
			
		||||
            file.on('error', (err) => {
 | 
			
		||||
              fs.unlink(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
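Review bot: The allow-list check added in the `finish` handler never inspects the downloaded bytes: `Mime.lookup(dest+"."+cfg.allowedMimes[response.headers['content-type']])` resolves an extension that was itself picked from the server-supplied `Content-Type` header, so any response that declares an allowed type passes whatever its body contains. The accept/reject decision should come from the file content, for example the container and codec that the existing `probe` call reports, with the header used only as a hint. The probe callback also reads `probeData.streams[0]` without checking `err`, which would presumably throw inside the callback when ffprobe cannot parse the file; guard it with `if (err || !probeData || !probeData.streams || !probeData.streams.length)` and take the rejecting path. Both rejecting branches (the too-small case and the final `else`) call `cb` while the file written by `response.pipe(file)` stays on disk, so unlink the same path the `file.on('error')` handler uses before calling back. The handler begins outside the hunk, and the old/new side of a few re-indented lines is inferred from their indentation on this rendered page.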
 | 
			
		||||
 
 | 
			
		||||
@@ -66,7 +66,8 @@ var trigger = {
 | 
			
		||||
      call: args.call,
 | 
			
		||||
      func: args.func,
 | 
			
		||||
      desc: args.desc,
 | 
			
		||||
      level: args.level
 | 
			
		||||
      level: args.level,
 | 
			
		||||
      active: args.active
 | 
			
		||||
    });
 | 
			
		||||
  }
 | 
			
		||||
};
 | 
			
		||||
 
 | 
			
		||||