From f7cf5722b0642dd39c32bc242a00ed634d41e9db Mon Sep 17 00:00:00 2001 From: Kibi Kelburton Date: Wed, 13 May 2026 13:21:52 +0200 Subject: [PATCH] preventing pdf from showing up in abyss --- src/inc/routeinc/f0cklib.mjs | 11 +++++++++++ src/inc/routes/scroller.mjs | 5 ++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/inc/routeinc/f0cklib.mjs b/src/inc/routeinc/f0cklib.mjs index 22d8bd1..adc6e39 100644 --- a/src/inc/routeinc/f0cklib.mjs +++ b/src/inc/routeinc/f0cklib.mjs @@ -125,6 +125,7 @@ export default { // Support multiple MIME types (comma separated) const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m)); + const excludePdfSQL = !mimeParts.includes('pdf') ? db`and items.mime != 'application/pdf'` : db``; const mimeSQL = mimeParts.length > 0 ? db`and (${mimeParts.map(m => m === 'flash' ? (flashMimes.length > 0 @@ -197,6 +198,7 @@ export default { ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${newerThan ? db`and items.id > ${newerThan}` : db``} ${xdFilter} + ${excludePdfSQL} `; const total = Number(totalRows[0].total); @@ -248,6 +250,7 @@ export default { ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${newerThan ? db`and items.id > ${newerThan}` : db``} ${xdFilter} + ${excludePdfSQL} group by items.id order by ${random ? db`random()` : db`items.is_pinned desc, items.id desc`} offset ${newerThan ? 0 : offset} @@ -317,6 +320,7 @@ export default { const mime = (rawMime ?? ""); const itemid = rawItemid ? +rawItemid : null; const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m)); + const excludePdfSQL = !mimeParts.includes('pdf') ? db`and items.mime != 'application/pdf'` : db``; const mimeSQL = mimeParts.length > 0 ? db`and (${mimeParts.map(m => m === 'flash' ? (flashMimes.length > 0 @@ -386,6 +390,7 @@ export default { ${mimeSQL} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} + ${excludePdfSQL} `; }; @@ -664,6 +669,7 @@ export default { // Support multiple MIME types (comma separated) const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m)); + const excludePdfSQL = !mimeParts.includes('pdf') ? db`and items.mime != 'application/pdf'` : db``; const mimeSQL = mimeParts.length > 0 ? db`and (${mimeParts.map(m => m === 'flash' ? (flashMimes.length > 0 @@ -698,6 +704,7 @@ export default { ${mimeSQL} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} group by items.id + ${excludePdfSQL} order by random() limit 1 `; @@ -741,6 +748,7 @@ export default { ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} group by items.id, tags.tag + ${excludePdfSQL} order by random() limit 1 `; @@ -759,6 +767,7 @@ export default { ${mimeSQL} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} + ${excludePdfSQL} order by random() limit 1 `; @@ -774,6 +783,7 @@ export default { and items.active = true ${mimeSQL} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} + ${excludePdfSQL} order by random() limit 1 `; @@ -799,6 +809,7 @@ export default { ${checkFilter ? db`AND filter_ta.tag_id IS NULL` : db``} ${excludedTags.length > 0 ? db`AND NOT EXISTS (SELECT 1 FROM tags_assign WHERE item_id = items.id AND tag_id = ANY(${excludedTags}::int[]))` : db``} ${!useTagIdOpt ? db`AND ${db.unsafe(modequery)}` : db``} + ${excludePdfSQL} ORDER BY random() LIMIT 1 `; diff --git a/src/inc/routes/scroller.mjs b/src/inc/routes/scroller.mjs index 1c45c7e..1ffef6b 100644 --- a/src/inc/routes/scroller.mjs +++ b/src/inc/routes/scroller.mjs @@ -130,9 +130,9 @@ export default (router, tpl) => { // anchor= is a specific item ID to include first in the batch (used for hash-based deep links) const anchorId = qs.anchor ? parseInt(qs.anchor, 10) : null; - // MIME filter — SWF excluded unless the server has enable_swf turned on const swfMimes = ['application/x-shockwave-flash', 'application/vnd.adobe.flash.movie']; const excludeSwfSQL = !cfg.websrv.enable_swf ? db`AND items.mime != ALL(${swfMimes})` : db``; + const excludePdfSQL = db`AND items.mime != 'application/pdf'`; const mimeParts = (mime || '').split(',').filter(m => ['video', 'audio', 'image'].includes(m)); const mimeSQL = mimeParts.length > 0 ? db`AND (${mimeParts.map(m => db`items.mime ilike ${m + '/%'}`).reduce((a, b) => db`${a} OR ${b}`)})` @@ -211,6 +211,7 @@ export default (router, tpl) => { WHERE items.id = ${anchorId} AND items.active = true AND ${db.unsafe(modeQuery)} + ${excludePdfSQL} ${!req.session && nsfp ? db`AND NOT EXISTS (SELECT 1 FROM tags_assign WHERE item_id = items.id AND (${db.unsafe(nsfp)}))` : db``} `; // If the anchor item doesn't pass the rating filter, it's inaccessible to this user. @@ -227,6 +228,7 @@ export default (router, tpl) => { ${db.unsafe(modeQuery)} AND items.active = true ${excludeSwfSQL} + ${excludePdfSQL} AND items.id != ${anchorId} ${excludeSQL} ${mimeSQL} @@ -249,6 +251,7 @@ export default (router, tpl) => { ${db.unsafe(modeQuery)} AND items.active = true ${excludeSwfSQL} + ${excludePdfSQL} ${cursorSQL} ${excludeSQL} ${mimeSQL}