Gitea-John71/Gists
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix uuid

Browse Source 
Signed-off-by: Thomas Miceli <tho.miceli@gmail.com>
This commit is contained in:
Thomas Miceli
2026-02-26 06:42:00 +07:00
parent f83018ebf2
commit 42490f2995
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/web/handlers/gist/create.go
View File

@@ -70,7 +70,10 @@ func ProcessCreate(ctx *context.Context) error {
fileFilenames := dto.UploadedFilesNames
if len(fileUUIDs) == len(fileFilenames) {
for i, fileUUID := range fileUUIDs {
filePath := filepath.Join(filepath.Join(config.GetHomeDir(), "uploads"), fileUUID)
if !uuidRegex.MatchString(filepath.Base(fileUUID)) {
continue
}
filePath := filepath.Join(config.GetHomeDir(), "uploads", fileUUID)
if _, err := os.Stat(filePath); err != nil {
continue

11
internal/web/handlers/gist/upload.go
View File

@@ -4,12 +4,15 @@ import (
"io"
"os"
"path/filepath"
"regexp"
"github.com/google/uuid"
"github.com/thomiceli/opengist/internal/config"
"github.com/thomiceli/opengist/internal/web/context"
)
var uuidRegex = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)
func Upload(ctx *context.Context) error {
err := ctx.Request().ParseMultipartForm(32 << 20) // 32 MB max
if err != nil {
@@ -57,13 +60,13 @@ func Upload(ctx *context.Context) error {
}
func DeleteUpload(ctx *context.Context) error {
uuid := ctx.Param("uuid")
if uuid == "" {
fileUuid := filepath.Base(ctx.Param("uuid"))
if fileUuid == "" || !uuidRegex.MatchString(fileUuid) {
return ctx.ErrorRes(400, ctx.Tr("error.bad-request"), nil)
}
uploadsDir := filepath.Join(config.GetHomeDir(), "uploads")
filePath := filepath.Join(uploadsDir, uuid)
filePath := filepath.Join(config.GetHomeDir(), "uploads", fileUuid)
if _, err := os.Stat(filePath); err == nil {
if err := os.Remove(filePath); err != nil {