allow plaintext attachments

Ted Unangst 2019-04-15 10:04:41 -04:00
parent 4f58ceb491
commit 7b12715d1e
3 changed files with 46 additions and 20 deletions


@ -413,7 +413,7 @@ func xonkxonk(item interface{}) *Honk {
mt = strings.ToLower(mt) mt = strings.ToLower(mt)
log.Printf("attachment: %s %s", mt, u) log.Printf("attachment: %s %s", mt, u)
if mt == "image/jpeg" || mt == "image/png" || if mt == "image/jpeg" || mt == "image/png" ||
mt == "image/gif" { mt == "image/gif" || mt == "text/plain" {
donk := savedonk(u, name, mt) donk := savedonk(u, name, mt)
if donk != nil { if donk != nil {
xonk.Donks = append(xonk.Donks, donk) xonk.Donks = append(xonk.Donks, donk)
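Review bot: The widened media-type test accepts `text/plain` purely on the type the remote object declares, and `savedonk(u, name, mt)` is then called with that value. Nothing in this hunk shows the fetched body being size-limited or checked for control bytes the way the local upload path in savehonk is (100000-byte cap, bytes below 32 rejected except tab, CR and LF). If savedonk does not already do this, the same checks should run there before the row is stored, so that federated and local text attachments meet the same bar. savedonk and the rest of xonkxonk are outside the hunk, so this needs confirming against their bodies.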

60
honk.go

@ -721,30 +721,50 @@ func savehonk(w http.ResponseWriter, r *http.Request) {
noise = obfusbreak(noise) noise = obfusbreak(noise)
honk.Noise = noise honk.Noise = noise
file, _, err := r.FormFile("donk") file, filehdr, err := r.FormFile("donk")
if err == nil { if err == nil {
var buf bytes.Buffer var buf bytes.Buffer
io.Copy(&buf, file) io.Copy(&buf, file)
file.Close() file.Close()
data := buf.Bytes() data := buf.Bytes()
xid := xfiltrate()
var media, name string
img, format, err := image.Decode(&buf) img, format, err := image.Decode(&buf)
if err != nil { if err == nil {
log.Printf("bad image: %s", err) data, format, err = vacuumwrap(img, format)
return if err != nil {
log.Printf("can't vacuum image: %s", err)
return
}
media = "image/" + format
if format == "jpeg" {
format = "jpg"
}
name = xid + "." + format
xid = name
} else {
maxsize := 100000
if len(data) > maxsize {
log.Printf("bad image: %s too much text: %d", err, len(data))
http.Error(w, "didn't like your attachment", http.StatusUnsupportedMediaType)
return
}
for i := 0; i < len(data); i++ {
if data[i] < 32 && data[i] != '\t' && data[i] != '\r' && data[i] != '\n' {
log.Printf("bad image: %s not text: %d", err, data[i])
http.Error(w, "didn't like your attachment", http.StatusUnsupportedMediaType)
return
}
}
media = "text/plain"
name = filehdr.Filename
if name == "" {
name = xid + ".txt"
}
xid += ".txt"
} }
data, format, err = vacuumwrap(img, format) url := fmt.Sprintf("https://%s/d/%s", serverName, xid)
if err != nil { res, err := stmtSaveFile.Exec(xid, name, url, media, data)
log.Printf("can't vacuum image: %s", err)
return
}
name := xfiltrate()
media := "image/" + format
if format == "jpeg" {
format = "jpg"
}
name = name + "." + format
url := fmt.Sprintf("https://%s/d/%s", serverName, name)
res, err := stmtSaveFile.Exec(name, name, url, media, data)
if err != nil { if err != nil {
log.Printf("unable to save image: %s", err) log.Printf("unable to save image: %s", err)
return return
@ -897,13 +917,15 @@ func serveemu(w http.ResponseWriter, r *http.Request) {
func servefile(w http.ResponseWriter, r *http.Request) { func servefile(w http.ResponseWriter, r *http.Request) {
xid := mux.Vars(r)["xid"] xid := mux.Vars(r)["xid"]
row := stmtFileData.QueryRow(xid) row := stmtFileData.QueryRow(xid)
var media string
var data []byte var data []byte
err := row.Scan(&data) err := row.Scan(&media, &data)
if err != nil { if err != nil {
log.Printf("error loading file: %s", err) log.Printf("error loading file: %s", err)
http.NotFound(w, r) http.NotFound(w, r)
return return
} }
w.Header().Set("Content-Type", media)
w.Header().Set("Cache-Control", "max-age=432000") w.Header().Set("Cache-Control", "max-age=432000")
w.Write(data) w.Write(data)
} }
@ -998,7 +1020,7 @@ func prepareStatements(db *sql.DB) {
stmtHonksForUser = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise from honks join users on honks.userid = users.userid where honks.userid = ? and dt > ? order by honkid desc limit 250") stmtHonksForUser = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise from honks join users on honks.userid = users.userid where honks.userid = ? and dt > ? order by honkid desc limit 250")
stmtHonksByHonker = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, honks.xid, rid, dt, url, audience, noise from honks join users on honks.userid = users.userid join honkers on honkers.xid = honks.honker where honks.userid = ? and honkers.name = ? order by honkid desc limit 50") stmtHonksByHonker = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, honks.xid, rid, dt, url, audience, noise from honks join users on honks.userid = users.userid join honkers on honkers.xid = honks.honker where honks.userid = ? and honkers.name = ? order by honkid desc limit 50")
stmtSaveHonk = preparetodie(db, "insert into honks (userid, what, honker, xid, rid, dt, url, audience, noise) values (?, ?, ?, ?, ?, ?, ?, ?, ?)") stmtSaveHonk = preparetodie(db, "insert into honks (userid, what, honker, xid, rid, dt, url, audience, noise) values (?, ?, ?, ?, ?, ?, ?, ?, ?)")
stmtFileData = preparetodie(db, "select content from files where xid = ?") stmtFileData = preparetodie(db, "select media, content from files where xid = ?")
stmtFindXonk = preparetodie(db, "select honkid from honks where userid = ? and xid = ?") stmtFindXonk = preparetodie(db, "select honkid from honks where userid = ? and xid = ?")
stmtSaveDonk = preparetodie(db, "insert into donks (honkid, fileid) values (?, ?)") stmtSaveDonk = preparetodie(db, "insert into donks (honkid, fileid) values (?, ?)")
stmtDeleteHonk = preparetodie(db, "update honks set what = 'zonk' where xid = ? and honker = ?") stmtDeleteHonk = preparetodie(db, "update honks set what = 'zonk' where xid = ? and honker = ?")
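Review bot: servefile now sends the stored media type as the Content-Type of user-supplied bytes but does not stop the browser from sniffing a different type; adding `w.Header().Set("X-Content-Type-Options", "nosniff")` beside the new header line keeps a `text/plain` attachment rendered as text on the application's origin. This matters because the new else branch in savehonk classifies anything that fails image.Decode and has no byte below 32 as text, which admits markup, 0x7f and invalid UTF-8; a `utf8.Valid(data)` check (package unicode/utf8) in that branch would tighten it. The 100000-byte cap is also applied only after `io.Copy(&buf, file)` has buffered the whole upload, so bounding the read itself, for example with an `io.LimitReader`, would limit memory use as well. Both functions continue outside the hunks shown.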


@ -3,9 +3,13 @@
<div class="title"><img alt="avatar" src="/a?a={{ .Honker}}"><p><a href="{{ .Honker }}" rel=noreferrer>{{ .Username }}</a> <span class="clip">{{ .What }} {{ .Date.Format "02 Jan 2006 15:04" }} <a href="{{ .URL }}" rel=noreferrer>{{ .URL }}</a></span></div> <div class="title"><img alt="avatar" src="/a?a={{ .Honker}}"><p><a href="{{ .Honker }}" rel=noreferrer>{{ .Username }}</a> <span class="clip">{{ .What }} {{ .Date.Format "02 Jan 2006 15:04" }} <a href="{{ .URL }}" rel=noreferrer>{{ .URL }}</a></span></div>
<div class="noise"><p>{{ .HTML }}</div> <div class="noise"><p>{{ .HTML }}</div>
{{ range .Donks }} {{ range .Donks }}
{{ if eq .Media "text/plain" }}
<p><a href="/d/{{ .XID }}">Attachment: {{ .Name }}</a>
{{ else }}
<p><a href="/d/{{ .XID }}"><img src="/d/{{ .XID }}" title="{{ .URL }}"></a> <p><a href="/d/{{ .XID }}"><img src="/d/{{ .XID }}" title="{{ .URL }}"></a>
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }}
{{ if .Bonk }} {{ if .Bonk }}
<p> <p>
<button onclick="bonk('{{ .Honk.XID }}'); return false;"><a href="/bonk">bonk</a></button> <button onclick="bonk('{{ .Honk.XID }}'); return false;"><a href="/bonk">bonk</a></button>
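Review bot: The new link text `Attachment: {{ .Name }}` shows a name the server does not control: for local uploads the savehonk change stores `filehdr.Filename` as sent by the client, and for federated attachments it presumably comes from the remote object. Escaping here relies on this file being rendered through html/template, which is not visible on this page and is worth confirming. Independently of that, reducing the name to a base name of bounded length when it is stored would keep odd or very long values out of the page. The enclosing template starts and ends outside the hunk.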