Restrict amount of files created per site

This commit is contained in:
Kyle Drake 2015-06-08 20:49:30 -07:00
parent 397f34a014
commit 784ba44785
4 changed files with 25 additions and 2 deletions


@ -23,6 +23,10 @@ post '/api/upload' do
api_error 400, 'too_large', 'files are too large to fit in your space, try uploading smaller (or less) files' api_error 400, 'too_large', 'files are too large to fit in your space, try uploading smaller (or less) files'
end end
if current_site.too_many_files?(files.length)
api_error 400, 'too_many_files', "cannot exceed the maximum site files limit (#{current_site.plan_feature(:maximum_site_files)}), #{current_site.supporter? ? 'please contact support' : 'please upgrade to a supporter account'}"
end
files.each do |file| files.each do |file|
if !current_site.okay_to_upload?(file) if !current_site.okay_to_upload?(file)
api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content) for this site, files have not been uploaded" api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content) for this site, files have not been uploaded"
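Review bot: The new too_many_files? check counts every entry in `files`, including uploads that replace a path the site already has, so a site sitting exactly at its limit may be refused a re-upload of an existing file; whether Site#too_many_files? subtracts existing paths is not visible in this hunk. The check is also separate from the later store step, so two uploads racing each other can both pass it and together exceed the limit — the cap is only advisory unless the store path enforces it again, which is worth confirming. The call form here is `too_many_files?(files.length)` while the site_files route in this commit writes `too_many_files? params[:files].length`; one style for both would be tidier. The enclosing `post '/api/upload'` route continues outside the hunk.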


@ -124,6 +124,10 @@ post '/site_files/upload' do
file_upload_response "File(s) do not fit in your available space, upload cancelled." file_upload_response "File(s) do not fit in your available space, upload cancelled."
end end
if current_site.too_many_files? params[:files].length
file_upload_response "Too many files, cannot upload"
end
results = current_site.store_files params[:files] results = current_site.store_files params[:files]
file_upload_response file_upload_response
end end
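Review bot: The new `file_upload_response "Too many files, cannot upload"` tells the user nothing about what the limit is, unlike the API route in this commit, which reports `plan_feature(:maximum_site_files)` in its message; `file_upload_response "Too many files, cannot exceed the site files limit (#{current_site.plan_feature(:maximum_site_files)})"` would keep the two routes consistent. Whether file_upload_response halts the request so that `store_files` two lines below is not reached is not visible here — the existing space check relies on the same behaviour, so this is only a point to confirm rather than a defect. The route's earlier validation, including any guard that `params[:files]` is present before `.length` is called on it, is outside the hunk.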


@ -160,6 +160,19 @@ describe 'api upload' do
res[:error_type].must_equal 'missing_files' res[:error_type].must_equal 'missing_files'
end end
it 'fails with too many files' do
create_site
basic_authorize @user, @pass
@site.plan_feature(:maximum_site_files).times {
uuid = SecureRandom.uuid.gsub('-', '')+'.html'
@site.add_site_file path: uuid
}
post '/api/upload', {
'/lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
}
res[:error_type].must_equal 'too_many_files'
end
it 'resists directory traversal attack' do it 'resists directory traversal attack' do
create_site create_site
basic_authorize @user, @pass basic_authorize @user, @pass
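Review bot: The new 'fails with too many files' test pins only the over-limit case; nothing asserts that a site one file below the limit can still upload, so an off-by-one in too_many_files? that rejects too early would pass this suite. A sibling test that seeds `plan_feature(:maximum_site_files) - 1` files with the same loop and asserts the success response would close that gap. The seeding loop inserts as many rows as the plan limit, which may make the test slow if that limit is large — a smaller limit stubbed for the test would be cheaper, if plan_feature allows it. The multi-line `.times { ... }` block would conventionally use `do ... end`.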


@ -53,10 +53,12 @@ describe Site do
end end
it 'should match plan_type' do it 'should match plan_type' do
%w{supporter neko catbus fatcat}.each do |plan_type| %w{supporter free}.each do |plan_type|
site = Fabricate :site, plan_type: plan_type site = Fabricate :site, plan_type: plan_type
site.plan_type.must_equal plan_type site.plan_type.must_equal plan_type
end end
site = Fabricate :site, plan_type: nil
site.plan_type.must_equal 'free'
end end
end end
@ -77,4 +79,4 @@ describe Site do
site.suggestions.length.must_equal Site::SUGGESTIONS_LIMIT site.suggestions.length.must_equal Site::SUGGESTIONS_LIMIT
end end
end end
end end