f0ck/f0ckv1
3
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

security fix

Browse Source
This commit is contained in:
Flummi 2016-08-24 12:18:51 +00:00
parent 152bd3fe5f
commit be4fe8d240
3 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package.json
View File

@ -8,6 +8,7 @@
"dependencies": { "dependencies": {
"coffea": "^0.4.24", "coffea": "^0.4.24",
"fs-extra": "^0.30.0", "fs-extra": "^0.30.0",
"mime": "^1.3.4",
"mysql": "^2.11.1", "mysql": "^2.11.1",
"node-ffprobe": "^1.2.2", "node-ffprobe": "^1.2.2",
"repl": "^0.1.3", "repl": "^0.1.3",

22
src/lib.js
View File

@ -4,6 +4,7 @@ var https = require('https');
var exec = require('child_process').exec; var exec = require('child_process').exec;
var probe = require('node-ffprobe'); var probe = require('node-ffprobe');
var crypto = require('crypto'); var crypto = require('crypto');
var Mime = require('mime');
var bot, sql, cfg; var bot, sql, cfg;
var debug = true; var debug = true;
@ -114,16 +115,21 @@ Lib.prototype.dl = (url, dest, cb) => {
response.pipe(file); response.pipe(file);
file.on('finish', () => { file.on('finish', () => {
file.close(); file.close();
probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => { var mime = Mime.lookup(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) { if(cfg.allowedMimes.hasOwnProperty(mime)) {
if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes) probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1}); if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
else
cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
}
else else
cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}}); cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
} });
else }
cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}}); else
}); cb({'status':false, 'msg':'lol, go f0ck yourself', 'type':1});
}); });
file.on('error', (err) => { file.on('error', (err) => {
fs.unlink(dest+"."+cfg.allowedMimes[response.headers['content-type']]); fs.unlink(dest+"."+cfg.allowedMimes[response.headers['content-type']]);

3
src/main.js
View File

@ -66,7 +66,8 @@ var trigger = {
call: args.call, call: args.call,
func: args.func, func: args.func,
desc: args.desc, desc: args.desc,
level: args.level level: args.level,
active: args.active
}); });
} }
}; };