add whitelist mode and fix clipboard glyph

nokonoko · Jul 3, 2021 · 5e56fb9 · 5e56fb9
1 parent 6fb976d
commit 5e56fb9
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 20 deletions.
diff --git a/dist.json b/dist.json
@@ -3,7 +3,7 @@
           "allowErrors": false
         },
         "dest": "dist",
-        "pkgVersion": "1.1.2",
+        "pkgVersion": "1.2.0",
 	"banners": [
 		"banners/malware_scans.swig",
 		"banners/donations.swig"

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "uguu",
-  "version": "1.1.2",
+  "version": "1.2.0",
   "description": "Kawaii file host",
   "homepage": "https://uguu.se/",
   "repository": {

diff --git a/static/css/uguu.css b/static/css/uguu.css
@@ -232,7 +232,7 @@ nav > ul > li:last-child:after {
   color: #891A18;
 }
 button.upload-clipboard-btn {
-  height: 16px;
+  height: 32px;
 }
 .error#upload-filelist .progress-percent {
   color: #B94A48;

diff --git a/static/php/includes/settings.inc.php b/static/php/includes/settings.inc.php
@@ -25,10 +25,14 @@
 /* @param string UGUU_DB_PASS Database password */
 define('UGUU_DB_PASS', 'NULL');
 
-/** Log IP of uploads */
+/** 
+ * @param boolean Log IP of uploads 
+ */
 define('LOG_IP', false);
 
-/** Dont upload a file already in the DB */
+/** 
+ * @param boolean anti-dupe
+ */
 define('ANTI_DUPE', false);
 
 /*
@@ -78,11 +82,11 @@
 define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
 
 /**
- * Filter mode: whitelist (true) or blacklist (false).
- *
- * @param bool $FILTER_MODE mime type filter mode
+ * Whitelist or blacklist mode
+ * @param boolean blacklist (false) | whitelist (true)
  */
-$FILTER_MODE = false;
+define('CONFIG_FILTER_MODE', false);
+
 /**
  * Double dot file extensions.
  *

diff --git a/static/php/upload.php b/static/php/upload.php
@@ -61,15 +61,34 @@ function generateName($file)
             $name .= '.'.$ext;
         }
 
-        //Check if MIME is blacklisted
-        if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
-            http_response_code(415);
-            exit(0);
-        }
-        //Check if EXT is blacklisted
-        if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
-            http_response_code(415);
-            exit(0);
+        // Check if file is whitelisted or blacklisted
+        switch (CONFIG_FILTER_MODE) {
+
+            case false:
+                //check if MIME is blacklisted
+                if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+                //Check if EXT is blacklisted
+                if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+            break;
+
+            case true:
+                //Check if MIME is whitelisted
+                if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+                //Check if EXT is whitelisted
+                if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+                    http_response_code(415);
+                    exit(0);
+                }
+            break;
         }
 
         // Check if a file with the same name does already exist in the database
@@ -93,8 +112,6 @@ function generateName($file)
 function uploadFile($file)
 {
     global $db;
-    global $FILTER_MODE;
-    global $FILTER_MIME;
 
     // Handle file errors
     if ($file->error) {