From 7b12715d1e66556c4eb1c47acae662e091b9416f Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Mon, 15 Apr 2019 10:04:41 -0400 Subject: [PATCH] allow plaintext attachments --- activity.go | 2 +- honk.go | 60 +++++++++++++++++++++++++++++++++---------------- views/honk.html | 4 ++++ 3 files changed, 46 insertions(+), 20 deletions(-) diff --git a/activity.go b/activity.go index 9a0fbd8..91ef29a 100644 --- a/activity.go +++ b/activity.go @@ -413,7 +413,7 @@ func xonkxonk(item interface{}) *Honk { mt = strings.ToLower(mt) log.Printf("attachment: %s %s", mt, u) if mt == "image/jpeg" || mt == "image/png" || - mt == "image/gif" { + mt == "image/gif" || mt == "text/plain" { donk := savedonk(u, name, mt) if donk != nil { xonk.Donks = append(xonk.Donks, donk) diff --git a/honk.go b/honk.go index 8ef2e18..e507c74 100644 --- a/honk.go +++ b/honk.go @@ -721,30 +721,50 @@ func savehonk(w http.ResponseWriter, r *http.Request) { noise = obfusbreak(noise) honk.Noise = noise - file, _, err := r.FormFile("donk") + file, filehdr, err := r.FormFile("donk") if err == nil { var buf bytes.Buffer io.Copy(&buf, file) file.Close() data := buf.Bytes() + xid := xfiltrate() + var media, name string img, format, err := image.Decode(&buf) - if err != nil { - log.Printf("bad image: %s", err) - return + if err == nil { + data, format, err = vacuumwrap(img, format) + if err != nil { + log.Printf("can't vacuum image: %s", err) + return + } + media = "image/" + format + if format == "jpeg" { + format = "jpg" + } + name = xid + "." + format + xid = name + } else { + maxsize := 100000 + if len(data) > maxsize { + log.Printf("bad image: %s too much text: %d", err, len(data)) + http.Error(w, "didn't like your attachment", http.StatusUnsupportedMediaType) + return + } + for i := 0; i < len(data); i++ { + if data[i] < 32 && data[i] != '\t' && data[i] != '\r' && data[i] != '\n' { + log.Printf("bad image: %s not text: %d", err, data[i]) + http.Error(w, "didn't like your attachment", http.StatusUnsupportedMediaType) + return + } + } + media = "text/plain" + name = filehdr.Filename + if name == "" { + name = xid + ".txt" + } + xid += ".txt" } - data, format, err = vacuumwrap(img, format) - if err != nil { - log.Printf("can't vacuum image: %s", err) - return - } - name := xfiltrate() - media := "image/" + format - if format == "jpeg" { - format = "jpg" - } - name = name + "." + format - url := fmt.Sprintf("https://%s/d/%s", serverName, name) - res, err := stmtSaveFile.Exec(name, name, url, media, data) + url := fmt.Sprintf("https://%s/d/%s", serverName, xid) + res, err := stmtSaveFile.Exec(xid, name, url, media, data) if err != nil { log.Printf("unable to save image: %s", err) return @@ -897,13 +917,15 @@ func serveemu(w http.ResponseWriter, r *http.Request) { func servefile(w http.ResponseWriter, r *http.Request) { xid := mux.Vars(r)["xid"] row := stmtFileData.QueryRow(xid) + var media string var data []byte - err := row.Scan(&data) + err := row.Scan(&media, &data) if err != nil { log.Printf("error loading file: %s", err) http.NotFound(w, r) return } + w.Header().Set("Content-Type", media) w.Header().Set("Cache-Control", "max-age=432000") w.Write(data) } @@ -998,7 +1020,7 @@ func prepareStatements(db *sql.DB) { stmtHonksForUser = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise from honks join users on honks.userid = users.userid where honks.userid = ? and dt > ? order by honkid desc limit 250") stmtHonksByHonker = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, honks.xid, rid, dt, url, audience, noise from honks join users on honks.userid = users.userid join honkers on honkers.xid = honks.honker where honks.userid = ? and honkers.name = ? order by honkid desc limit 50") stmtSaveHonk = preparetodie(db, "insert into honks (userid, what, honker, xid, rid, dt, url, audience, noise) values (?, ?, ?, ?, ?, ?, ?, ?, ?)") - stmtFileData = preparetodie(db, "select content from files where xid = ?") + stmtFileData = preparetodie(db, "select media, content from files where xid = ?") stmtFindXonk = preparetodie(db, "select honkid from honks where userid = ? and xid = ?") stmtSaveDonk = preparetodie(db, "insert into donks (honkid, fileid) values (?, ?)") stmtDeleteHonk = preparetodie(db, "update honks set what = 'zonk' where xid = ? and honker = ?") diff --git a/views/honk.html b/views/honk.html index 1f05052..013e8dc 100644 --- a/views/honk.html +++ b/views/honk.html @@ -3,9 +3,13 @@
avatar

{{ .Username }} {{ .What }} {{ .Date.Format "02 Jan 2006 15:04" }} {{ .URL }}

{{ .HTML }}

{{ range .Donks }} +{{ if eq .Media "text/plain" }} +

Attachment: {{ .Name }} +{{ else }}

{{ end }} {{ end }} +{{ end }} {{ if .Bonk }}