security fix
		@@ -8,6 +8,7 @@
 | 
				
			|||||||
  "dependencies": {
 | 
					  "dependencies": {
 | 
				
			||||||
    "coffea": "^0.4.24",
 | 
					    "coffea": "^0.4.24",
 | 
				
			||||||
    "fs-extra": "^0.30.0",
 | 
					    "fs-extra": "^0.30.0",
 | 
				
			||||||
 | 
					    "mime": "^1.3.4",
 | 
				
			||||||
    "mysql": "^2.11.1",
 | 
					    "mysql": "^2.11.1",
 | 
				
			||||||
    "node-ffprobe": "^1.2.2",
 | 
					    "node-ffprobe": "^1.2.2",
 | 
				
			||||||
    "repl": "^0.1.3",
 | 
					    "repl": "^0.1.3",
 | 
				
			||||||
 
 | 
				
			|||||||
							
								
								
									
										22
									
								
								src/lib.js
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@@ -4,6 +4,7 @@ var https = require('https');
 | 
				
			|||||||
var exec = require('child_process').exec;
 | 
					var exec = require('child_process').exec;
 | 
				
			||||||
var probe = require('node-ffprobe');
 | 
					var probe = require('node-ffprobe');
 | 
				
			||||||
var crypto = require('crypto');
 | 
					var crypto = require('crypto');
 | 
				
			||||||
 | 
					var Mime = require('mime');
 | 
				
			||||||
 | 
					
 | 
				
			||||||
var bot, sql, cfg;
 | 
					var bot, sql, cfg;
 | 
				
			||||||
var debug = true;
 | 
					var debug = true;
 | 
				
			||||||
@@ -114,16 +115,21 @@ Lib.prototype.dl = (url, dest, cb) => {
 | 
				
			|||||||
            response.pipe(file);
 | 
					            response.pipe(file);
 | 
				
			||||||
            file.on('finish', () => {
 | 
					            file.on('finish', () => {
 | 
				
			||||||
              file.close();
 | 
					              file.close();
 | 
				
			||||||
              probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
 | 
					              var mime = Mime.lookup(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
 | 
				
			||||||
                if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
 | 
					              if(cfg.allowedMimes.hasOwnProperty(mime)) {
 | 
				
			||||||
                  if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
 | 
					                probe(dest+"."+cfg.allowedMimes[response.headers['content-type']], (err, probeData) => {
 | 
				
			||||||
                    cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
 | 
					                  if(probeData.streams[0].height !== undefined || probeData.streams[0].width !== undefined) {
 | 
				
			||||||
 | 
					                    if(probeData.streams[0].height <= cfg.minRes || probeData.streams[0].width <= cfg.minRes)
 | 
				
			||||||
 | 
					                      cb({'status':false, 'msg':'f0ck! your shitpost is too small ('+probeData.streams[0].width+' x '+probeData.streams[0].height+'), min '+cfg.minRes+' x '+cfg.minRes+' required', 'type':1});
 | 
				
			||||||
 | 
					                    else
 | 
				
			||||||
 | 
					                      cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
				
			||||||
 | 
					                  }
 | 
				
			||||||
                  else
 | 
					                  else
 | 
				
			||||||
                    cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
					                    cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
				
			||||||
                }
 | 
					                });
 | 
				
			||||||
                else
 | 
					              }
 | 
				
			||||||
                  cb({'status':true, 'msg':'downloaded '+dest, 'type':1, 'infos':{'mime':response.headers['content-type'], 'size':response.headers['content-length'], 'ext':cfg.allowedMimes[response.headers['content-type']]}});
 | 
					              else
 | 
				
			||||||
              });
 | 
					                cb({'status':false, 'msg':'lol, go f0ck yourself', 'type':1});
 | 
				
			||||||
            });
 | 
					            });
 | 
				
			||||||
            file.on('error', (err) => {
 | 
					            file.on('error', (err) => {
 | 
				
			||||||
              fs.unlink(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
 | 
					              fs.unlink(dest+"."+cfg.allowedMimes[response.headers['content-type']]);
 | 
				
			||||||
 
 | 
				
			|||||||
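Review bot: The `Mime.lookup(...)` check added in the `finish` handler never looks at the downloaded bytes: mime 1.x resolves a type from the file extension only, and that extension comes from `cfg.allowedMimes[response.headers['content-type']]`, so the test reduces to "is the server-supplied Content-Type in the allow list". That header is set by the remote server and cannot vouch for the content, so the same allow-list test could run on `response.headers['content-type']` before `response.pipe(file)`, which avoids writing a rejected download to disk at all. The content-derived signal here is the ffprobe result, yet `err` is still ignored and `probeData.streams[0]` is dereferenced unchecked; I would treat `err || !probeData || !probeData.streams || !probeData.streams.length` as a rejection inside the probe callback. The new `else` branch also reports failure without removing the file, unlike the `error` handler just below, which calls `fs.unlink`. The start of `Lib.prototype.dl` is outside the hunk, so the path the write stream was opened on should be confirmed before adding the cleanup.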
@@ -66,7 +66,8 @@ var trigger = {
 | 
				
			|||||||
      call: args.call,
 | 
					      call: args.call,
 | 
				
			||||||
      func: args.func,
 | 
					      func: args.func,
 | 
				
			||||||
      desc: args.desc,
 | 
					      desc: args.desc,
 | 
				
			||||||
      level: args.level
 | 
					      level: args.level,
 | 
				
			||||||
 | 
					      active: args.active
 | 
				
			||||||
    });
 | 
					    });
 | 
				
			||||||
  }
 | 
					  }
 | 
				
			||||||
};
 | 
					};
 | 
				
			||||||
 
 | 
				
			|||||||