Modified the way that lainsafe stores files

Now it creates a directory for the new file, with a random name, and
and stores the file with the original filename in there, so .tar.gz
issue is fixed.
This commit is contained in:
qorg11 2021-01-30 22:25:07 +01:00
parent bdc0246971
commit ffd96c69cc
No known key found for this signature in database
GPG Key ID: 343FC20A4ACA62B9
1 changed files with 33 additions and 41 deletions

View File

@ -23,70 +23,62 @@ my $filename = $q->param('file');
my $upload_dir = "files/";
print $q->header();
$size = $ENV{CONTENT_LENGTH};
# Configuration
our $MAX_SIZE = 1024*1024*100; # Change for your size
our $MAX_SIZE = 1024*1024*100; # Change for your size
our $MAX_SIZE_MB = $MAX_SIZE / 1024 / 1024; # Don't change this
our @not_allowed_extensions = qw(sh out exe);
if($filename eq "" || $ENV{REQUEST_METHOD} eq "GET")
{
print("What are you looking for?");
exit;
if ($filename eq "" || $ENV{REQUEST_METHOD} eq "GET") {
print("What are you looking for?");
exit;
}
if($size > $MAX_SIZE)
{
print("Max size for a file is $MAX_SIZE_MB MBs");
exit;
if ($size > $MAX_SIZE) {
print("Max size for a file is $MAX_SIZE_MB MBs");
exit;
}
my @chars = ("A"..."z","a"..."z");
my $dirname;
my $extension = $filename;
$extension =~ s/.*\.//; # tar.gz sucks with this
$extension = "notcgi" if $extension eq "cgi";
# Get unix time in miliseconds
my $string;
$string = gettimeofday; # perl, what?
$string =~ s/\.//g;
$dirname .= $chars[rand @chars] for 1..8;
$extension =~ s/.*\.//;
$filename .= ".notcgi" if $extension eq "cgi";
mkdir("$upload_dir/$dirname");
my $upload_filehandle = $q->upload("file");
# onion urls will be http
my $prot = length $ENV{HTTPS} ? "https" : "http";
$filename = $string . "." . $extension;
my $allowed_extension = 1;
foreach(@not_allowed_extensions)
{
if($filename =~ /\.$_$/i)
{
$allowed_extension = 0;
last;
}
foreach (@not_allowed_extensions) {
if ($filename =~ /\.$_$/i) {
$allowed_extension = 0;
last;
}
}
if($allowed_extension)
{
if ($allowed_extension) {
open(FILE,">$upload_dir/$filename");
binmode(FILE);
open(FILE,">$upload_dir/$dirname/$filename");
binmode(FILE);
while (<$upload_filehandle>) {
print FILE;
}
close FILE;
while(<$upload_filehandle>)
{
print FILE;
}
close FILE;
print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$filename";
}
else
{
print "The file extension .$extension is not allowed in this instance.";
print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$dirname/$filename";
} else {
print "The file extension .$extension is not allowed in this instance.";
}