JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Allow uppercasing and less rigide sanitizing of filenames, fixes #10

tags/v1.0.0
Remco 7 years ago
parent
964e8c92d7
commit
45bafbe48f
3 changed files with 12 additions and 12 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -3
      server/clamav.go
  2. +8
    -5
      server/handlers.go
  3. +3
    -4
      server/virustotal.go

+ 1
- 3
server/clamav.go View File

@@ -32,19 +32,17 @@ import (
"io"
"log"
"net/http"
"path/filepath"
"time"

clamd "github.com/dutchcoders/go-clamd"

"github.com/gorilla/mux"
"github.com/kennygrant/sanitize"
)

func (s *Server) scanHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)

filename := sanitize.Path(filepath.Base(vars["filename"]))
filename := sanitize(vars["filename"])

contentLength := r.ContentLength
contentType := r.Header.Get("Content-Type")


+ 8
- 5
server/handlers.go View File

@@ -55,7 +55,6 @@ import (

web "github.com/dutchcoders/transfer.sh-web"
"github.com/gorilla/mux"
"github.com/kennygrant/sanitize"
"github.com/russross/blackfriday"
)

@@ -190,6 +189,10 @@ func (s *Server) notFoundHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, http.StatusText(404), 404)
}

func sanitize(fileName string) string {
return path.Clean(path.Base(fileName))
}

func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {
if err := r.ParseMultipartForm(_24K); nil != err {
log.Printf("%s", err.Error())
@@ -203,7 +206,7 @@ func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {

for _, fheaders := range r.MultipartForm.File {
for _, fheader := range fheaders {
filename := sanitize.Path(filepath.Base(fheader.Filename))
filename := sanitize(fheader.Filename)
contentType := fheader.Header.Get("Content-Type")

if contentType == "" {
@@ -271,7 +274,7 @@ func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {
func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)

filename := sanitize.Path(filepath.Base(vars["filename"]))
filename := sanitize(vars["filename"])

contentLength := r.ContentLength

@@ -395,7 +398,7 @@ func (s *Server) zipHandler(w http.ResponseWriter, r *http.Request) {
key = strings.Replace(key, "\\", "/", -1)

token := strings.Split(key, "/")[0]
filename := sanitize.Path(strings.Split(key, "/")[1])
filename := sanitize(strings.Split(key, "/")[1])

reader, _, _, err := s.storage.Get(token, filename)

@@ -466,7 +469,7 @@ func (s *Server) tarGzHandler(w http.ResponseWriter, r *http.Request) {
key = strings.Replace(key, "\\", "/", -1)

token := strings.Split(key, "/")[0]
filename := sanitize.Path(strings.Split(key, "/")[1])
filename := sanitize(strings.Split(key, "/")[1])

reader, _, contentLength, err := s.storage.Get(token, filename)
if err != nil {


+ 3
- 4
server/virustotal.go View File

@@ -29,18 +29,17 @@ import (
"io"
"log"
"net/http"
"path/filepath"

_ "github.com/PuerkitoBio/ghost/handlers"
"github.com/dutchcoders/go-virustotal"
"github.com/gorilla/mux"
"github.com/kennygrant/sanitize"

virustotal "github.com/dutchcoders/go-virustotal"
)

func (s *Server) virusTotalHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)

filename := sanitize.Path(filepath.Base(vars["filename"]))
filename := sanitize(vars["filename"])

contentLength := r.ContentLength
contentType := r.Header.Get("Content-Type")


Write Preview
Loading…
Cancel
Save