preventing pdf from showing up in abyss

This commit is contained in:
2026-05-13 13:21:52 +02:00
parent 6152502299
commit f7cf5722b0
2 changed files with 15 additions and 1 deletions

View File

@@ -125,6 +125,7 @@ export default {
// Support multiple MIME types (comma separated) // Support multiple MIME types (comma separated)
const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m)); const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m));
const excludePdfSQL = !mimeParts.includes('pdf') ? db`and items.mime != 'application/pdf'` : db``;
const mimeSQL = mimeParts.length > 0 const mimeSQL = mimeParts.length > 0
? db`and (${mimeParts.map(m => m === 'flash' ? db`and (${mimeParts.map(m => m === 'flash'
? (flashMimes.length > 0 ? (flashMimes.length > 0
@@ -197,6 +198,7 @@ export default {
${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``}
${newerThan ? db`and items.id > ${newerThan}` : db``} ${newerThan ? db`and items.id > ${newerThan}` : db``}
${xdFilter} ${xdFilter}
${excludePdfSQL}
`; `;
const total = Number(totalRows[0].total); const total = Number(totalRows[0].total);
@@ -248,6 +250,7 @@ export default {
${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``}
${newerThan ? db`and items.id > ${newerThan}` : db``} ${newerThan ? db`and items.id > ${newerThan}` : db``}
${xdFilter} ${xdFilter}
${excludePdfSQL}
group by items.id group by items.id
order by ${random ? db`random()` : db`items.is_pinned desc, items.id desc`} order by ${random ? db`random()` : db`items.is_pinned desc, items.id desc`}
offset ${newerThan ? 0 : offset} offset ${newerThan ? 0 : offset}
@@ -317,6 +320,7 @@ export default {
const mime = (rawMime ?? ""); const mime = (rawMime ?? "");
const itemid = rawItemid ? +rawItemid : null; const itemid = rawItemid ? +rawItemid : null;
const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m)); const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m));
const excludePdfSQL = !mimeParts.includes('pdf') ? db`and items.mime != 'application/pdf'` : db``;
const mimeSQL = mimeParts.length > 0 const mimeSQL = mimeParts.length > 0
? db`and (${mimeParts.map(m => m === 'flash' ? db`and (${mimeParts.map(m => m === 'flash'
? (flashMimes.length > 0 ? (flashMimes.length > 0
@@ -386,6 +390,7 @@ export default {
${mimeSQL} ${mimeSQL}
${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``}
${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``}
${excludePdfSQL}
`; `;
}; };
@@ -664,6 +669,7 @@ export default {
// Support multiple MIME types (comma separated) // Support multiple MIME types (comma separated)
const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m)); const mimeParts = (mime || "").split(',').filter(m => ['video', 'audio', 'image', 'flash', 'pdf'].includes(m));
const excludePdfSQL = !mimeParts.includes('pdf') ? db`and items.mime != 'application/pdf'` : db``;
const mimeSQL = mimeParts.length > 0 const mimeSQL = mimeParts.length > 0
? db`and (${mimeParts.map(m => m === 'flash' ? db`and (${mimeParts.map(m => m === 'flash'
? (flashMimes.length > 0 ? (flashMimes.length > 0
@@ -698,6 +704,7 @@ export default {
${mimeSQL} ${mimeSQL}
${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``}
group by items.id group by items.id
${excludePdfSQL}
order by random() order by random()
limit 1 limit 1
`; `;
@@ -741,6 +748,7 @@ export default {
${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``}
${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``}
group by items.id, tags.tag group by items.id, tags.tag
${excludePdfSQL}
order by random() order by random()
limit 1 limit 1
`; `;
@@ -759,6 +767,7 @@ export default {
${mimeSQL} ${mimeSQL}
${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``} ${!session && globalfilter ? db`and not exists (select 1 from tags_assign where item_id = items.id and (${db.unsafe(globalfilter)}))` : db``}
${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``}
${excludePdfSQL}
order by random() order by random()
limit 1 limit 1
`; `;
@@ -774,6 +783,7 @@ export default {
and items.active = true and items.active = true
${mimeSQL} ${mimeSQL}
${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`and not exists (select 1 from tags_assign where item_id = items.id and tag_id = any(${excludedTags}::int[]))` : db``}
${excludePdfSQL}
order by random() order by random()
limit 1 limit 1
`; `;
@@ -799,6 +809,7 @@ export default {
${checkFilter ? db`AND filter_ta.tag_id IS NULL` : db``} ${checkFilter ? db`AND filter_ta.tag_id IS NULL` : db``}
${excludedTags.length > 0 ? db`AND NOT EXISTS (SELECT 1 FROM tags_assign WHERE item_id = items.id AND tag_id = ANY(${excludedTags}::int[]))` : db``} ${excludedTags.length > 0 ? db`AND NOT EXISTS (SELECT 1 FROM tags_assign WHERE item_id = items.id AND tag_id = ANY(${excludedTags}::int[]))` : db``}
${!useTagIdOpt ? db`AND ${db.unsafe(modequery)}` : db``} ${!useTagIdOpt ? db`AND ${db.unsafe(modequery)}` : db``}
${excludePdfSQL}
ORDER BY random() ORDER BY random()
LIMIT 1 LIMIT 1
`; `;

View File

@@ -130,9 +130,9 @@ export default (router, tpl) => {
// anchor= is a specific item ID to include first in the batch (used for hash-based deep links) // anchor= is a specific item ID to include first in the batch (used for hash-based deep links)
const anchorId = qs.anchor ? parseInt(qs.anchor, 10) : null; const anchorId = qs.anchor ? parseInt(qs.anchor, 10) : null;
// MIME filter — SWF excluded unless the server has enable_swf turned on
const swfMimes = ['application/x-shockwave-flash', 'application/vnd.adobe.flash.movie']; const swfMimes = ['application/x-shockwave-flash', 'application/vnd.adobe.flash.movie'];
const excludeSwfSQL = !cfg.websrv.enable_swf ? db`AND items.mime != ALL(${swfMimes})` : db``; const excludeSwfSQL = !cfg.websrv.enable_swf ? db`AND items.mime != ALL(${swfMimes})` : db``;
const excludePdfSQL = db`AND items.mime != 'application/pdf'`;
const mimeParts = (mime || '').split(',').filter(m => ['video', 'audio', 'image'].includes(m)); const mimeParts = (mime || '').split(',').filter(m => ['video', 'audio', 'image'].includes(m));
const mimeSQL = mimeParts.length > 0 const mimeSQL = mimeParts.length > 0
? db`AND (${mimeParts.map(m => db`items.mime ilike ${m + '/%'}`).reduce((a, b) => db`${a} OR ${b}`)})` ? db`AND (${mimeParts.map(m => db`items.mime ilike ${m + '/%'}`).reduce((a, b) => db`${a} OR ${b}`)})`
@@ -211,6 +211,7 @@ export default (router, tpl) => {
WHERE items.id = ${anchorId} WHERE items.id = ${anchorId}
AND items.active = true AND items.active = true
AND ${db.unsafe(modeQuery)} AND ${db.unsafe(modeQuery)}
${excludePdfSQL}
${!req.session && nsfp ? db`AND NOT EXISTS (SELECT 1 FROM tags_assign WHERE item_id = items.id AND (${db.unsafe(nsfp)}))` : db``} ${!req.session && nsfp ? db`AND NOT EXISTS (SELECT 1 FROM tags_assign WHERE item_id = items.id AND (${db.unsafe(nsfp)}))` : db``}
`; `;
// If the anchor item doesn't pass the rating filter, it's inaccessible to this user. // If the anchor item doesn't pass the rating filter, it's inaccessible to this user.
@@ -227,6 +228,7 @@ export default (router, tpl) => {
${db.unsafe(modeQuery)} ${db.unsafe(modeQuery)}
AND items.active = true AND items.active = true
${excludeSwfSQL} ${excludeSwfSQL}
${excludePdfSQL}
AND items.id != ${anchorId} AND items.id != ${anchorId}
${excludeSQL} ${excludeSQL}
${mimeSQL} ${mimeSQL}
@@ -249,6 +251,7 @@ export default (router, tpl) => {
${db.unsafe(modeQuery)} ${db.unsafe(modeQuery)}
AND items.active = true AND items.active = true
${excludeSwfSQL} ${excludeSwfSQL}
${excludePdfSQL}
${cursorSQL} ${cursorSQL}
${excludeSQL} ${excludeSQL}
${mimeSQL} ${mimeSQL}