svragv/sakisafe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Modified the way that lainsafe stores files

Browse source 
Now it creates a directory for the new file, with a random name, and
and stores the file with the original filename in there, so .tar.gz
issue is fixed.
This commit is contained in:
qorg11 2021-01-30 22:25:07 +01:00
parent bdc0246971
commit ffd96c69cc
No known key found for this signature in database
GPG key ID: 343FC20A4ACA62B9
1 changed files with 33 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
http/upload.cgi
View file

@ -23,70 +23,62 @@ my $filename = $q->param('file');
my $upload_dir = "files/"; my $upload_dir = "files/";
print $q->header(); print $q->header();
$size = $ENV{CONTENT_LENGTH}; $size = $ENV{CONTENT_LENGTH};
# Configuration # Configuration
our $MAX_SIZE = 1024*1024*100; # Change for your size our $MAX_SIZE = 1024*1024*100; # Change for your size
our $MAX_SIZE_MB = $MAX_SIZE / 1024 / 1024; # Don't change this our $MAX_SIZE_MB = $MAX_SIZE / 1024 / 1024; # Don't change this
our @not_allowed_extensions = qw(sh out exe); our @not_allowed_extensions = qw(sh out exe);
if($filename eq "" || $ENV{REQUEST_METHOD} eq "GET") if ($filename eq "" || $ENV{REQUEST_METHOD} eq "GET") {
{ print("What are you looking for?");
print("What are you looking for?"); exit;
exit;
} }
if($size > $MAX_SIZE) if ($size > $MAX_SIZE) {
{ print("Max size for a file is $MAX_SIZE_MB MBs");
print("Max size for a file is $MAX_SIZE_MB MBs"); exit;
exit;
} }
my @chars = ("A"..."z","a"..."z");
my $dirname;
my $extension = $filename; my $extension = $filename;
$extension =~ s/.*\.//; # tar.gz sucks with this
$extension = "notcgi" if $extension eq "cgi";
# Get unix time in miliseconds
my $string;
$string = gettimeofday; # perl, what?
$string =~ s/\.//g;
$dirname .= $chars[rand @chars] for 1..8;
$extension =~ s/.*\.//;
$filename .= ".notcgi" if $extension eq "cgi";
mkdir("$upload_dir/$dirname");
my $upload_filehandle = $q->upload("file"); my $upload_filehandle = $q->upload("file");
# onion urls will be http # onion urls will be http
my $prot = length $ENV{HTTPS} ? "https" : "http"; my $prot = length $ENV{HTTPS} ? "https" : "http";
$filename = $string . "." . $extension;
my $allowed_extension = 1; my $allowed_extension = 1;
foreach(@not_allowed_extensions) foreach (@not_allowed_extensions) {
{ if ($filename =~ /\.$_$/i) {
if($filename =~ /\.$_$/i) $allowed_extension = 0;
{ last;
$allowed_extension = 0; }
last;
}
} }
if($allowed_extension) if ($allowed_extension) {
{
open(FILE,">$upload_dir/$filename"); open(FILE,">$upload_dir/$dirname/$filename");
binmode(FILE); binmode(FILE);
while (<$upload_filehandle>) {
print FILE;
}
close FILE;
while(<$upload_filehandle>) print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$dirname/$filename";
{ } else {
print FILE; print "The file extension .$extension is not allowed in this instance.";
}
close FILE;
print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$filename";
}
else
{
print "The file extension .$extension is not allowed in this instance.";
} }