Block on extension

83206a01 · Volkor Barbarian Warrior · 3da8126b · 83206a01 · 83206a01 · 83206a01
Unverified Commit 83206a01 authored 4 years ago by Volkor Barbarian Warrior
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ A temporary (or permanent, depending on configuration) file sharing service writ
 ## Features

 * Automatically remove files that aren't accessed often enough
-* Supports all filetypes, with options to filter by mimetypes
+* Supports all filetypes, with options to filter by file extension
 * Prevents duplicate filenames
 * Works on all platforms (as long as they can use basic JavaScript)
 * Both easy to set up and use
@@ -19,7 +19,7 @@ Ignore the submodules directory, this is for my instance.

 Needed:

-* Python 3 (Required for python-magic)
+* Python 3
 * sqlite3 package for your OS (To create the database)
 * Install the python requirements with (``pip install -r requirements.txt``)
 * nginx or another reverse proxy.

--- a/conf.py.sample
+++ b/conf.py.sample
@@ -31,11 +31,11 @@ config["GEN_DELETEKEY"] = False
 # File settings
 config["UPLOAD_FOLDER"] = './data'
 config["ALLOW_ALL_FILES"] = False
-config["ALLOWED_MIMETYPES"] = set(['plain/text', 'application/pdf', 'image/png', 'image/x-png', 'image/jpeg', 'image/gif'])
+config["ALLOWED_EXTENSIONS"] = set(['txt', 'pdf', 'bmp', 'png', 'jpg', 'jpeg', 'gif', 'webm', 'log', 'bin', 'webp', 'heif', 'mov', 'mkv', 'mp4', 'mp3', 'ogg', 'flac' ])

 # Will use blacklist if this is enabled. You must disable ALLOW_ALL_FILES for this to take effect
 config["BLACKLIST"] = True
-config["BANNED_MIMETYPES"] = set(['application/x-dosexec', 'application/x-msdownload', 'application/x-msdos-program' 'text/html', 'application/javascript', 'application/x-httpd-php', 'application/msi'])
+config["BANNED_EXTENSIONS"] = set(['exe', 'msi', 'html', 'js', 'php'])

 # If this is set to true, old files will be deleted. TIME is how far behind (in seconds) the last accessed time can be before files get deleted
 config["DELETE_FILES"] = True

--- a/run.py
+++ b/run.py
@@ -8,7 +8,7 @@ import os
 import random
 import json
 import time
-import magic
+# import magic
 import secrets
 from random import randint

@@ -77,19 +77,9 @@ def allowed_file(file):
    return True
  else:
    if config["BLACKLIST"]:
-      if magic.from_buffer(file.read(1024), mime=True) not in config["BANNED_MIMETYPES"]:
-        file.seek(0) # seek back to start so a valid file could be read
-        return True
-      else:
-        file.seek(0)
-        return False
+      return '.' in file and file.rsplit('.', 1)[1] not in config["BANNED_EXTENSIONS"]
    else:
-      if magic.from_buffer(file.read(1024), mime=True) in config["ALLOWED_MIMETYPES"]:
-        file.seek(0)
-        return True
-      else:
-        file.seek(0)
-        return False
+      return '.' in file and file.rsplit('.', 1)[1] in config["ALLOWED_EXTENSIONS"]

 @app.route('/', methods=['GET', 'POST'])
 def upload_file():