add defined file and path length limits

Kyle Drake 2024-01-15 08:59:57 -06:00
parent 1870286f2a
commit a1cb3c6a11
3 changed files with 43 additions and 1 deletions


@ -130,7 +130,9 @@ post '/site_files/upload' do
end
end
file[:filename] = "#{dir_name.force_encoding('UTF-8')}/#{site.scrubbed_path file[:filename].force_encoding('UTF-8')}"
file_base_name = site.scrubbed_path file[:filename].force_encoding('UTF-8')
file[:filename] = "#{dir_name.force_encoding('UTF-8')}/#{file_base_name}"
if current_site.file_size_too_large? file[:tempfile].size
file_upload_response "#{Rack::Utils.escape_html file[:filename]} is too large, upload cancelled."
@ -138,6 +140,12 @@ post '/site_files/upload' do
if !site.okay_to_upload? file
file_upload_response %{#{Rack::Utils.escape_html file[:filename]}: file type (or content in file) is only supported by <a href="/supporter">supporter accounts</a>. <a href="/site_files/allowed_types">Why We Do This</a>}
end
if SiteFile.path_too_long? file[:filename]
file_upload_response "#{Rack::Utils.escape_html file[:filename]}: path is too long, upload cancelled."
end
if SiteFile.name_too_long? file_base_name
file_upload_response "#{Rack::Utils.escape_html file[:filename]}: file name is too long, upload cancelled."
end
end
uploaded_size = params[:files].collect {|f| f[:tempfile].size}.inject{|sum,x| sum + x }
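Review bot: The new `SiteFile.name_too_long? file_base_name` check covers only the value returned by `site.scrubbed_path`, so directory components that arrive through `dir_name` are limited only by the total path check, and an over-long directory name can still pass. If `scrubbed_path` keeps subdirectories, `file_base_name` is itself a relative path rather than a single name, so the check would be clearer and stricter per component, e.g. `if file[:filename].split('/').any? { |part| SiteFile.name_too_long? part }`. The two `SiteFile` helpers are defined outside this section; if they compare `String#length`, that counts characters of the `force_encoding('UTF-8')` string, while filesystem name limits are in bytes, so `bytesize` would be the safer measure. The length checks also run after `site.okay_to_upload? file`, which appears to inspect file content; moving the cheap name and path checks ahead of it would reject bad names before that work is done. The `post '/site_files/upload'` block starts and ends outside these hunks.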