prevents malicious files from being uploaded

This commit is contained in:
Max Młynarczyk 2025-05-07 01:54:57 +02:00
parent ec1a0ae478
commit c7ffe7688e
2 changed files with 13 additions and 2 deletions


@ -10,6 +10,8 @@ from .forms import UsernameChangeForm, DocumentForm
from .models import Document from .models import Document
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.views import LoginView from django.contrib.auth.views import LoginView
import os
def logout_view(request): def logout_view(request):
request.session.flush() request.session.flush()
@ -83,6 +85,14 @@ def upload_file(request):
form = DocumentForm(request.POST, request.FILES) form = DocumentForm(request.POST, request.FILES)
if form.is_valid(): if form.is_valid():
document = form.save(commit=False) document = form.save(commit=False)
filename = document.file.name
ext = os.path.splitext(filename)[1].lower()
forbidden_extensions=['.html','.htm','.php','.exe','.js','.sh','.bat']
if ext in forbidden_extensions:
request.session.flush()
logout(request)
return HttpResponse("<html><body><script>alert('Uploading possibly malicious files is forbidden. You have been logged out.'); location.reload();</script></body></html>")
document.user = request.user document.user = request.user
document.save() document.save()
return redirect('file_list') return redirect('file_list')
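Review bot: The extension denylist checked at `if ext in forbidden_extensions` is the only control on `document.file.name`, a client-chosen name, and a denylist cannot enumerate every extension a browser or server might treat as executable; Django's `FileExtensionValidator(allowed_extensions=[...])` on the model's file field (or a `clean_file` method on `DocumentForm`) expresses the permitted set instead, and uploads should be served with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` so the filename never decides how the content is rendered. The rejection branch also answers with a hand-built `HttpResponse` containing an inline `<script>` alert and forcibly logs the user out; the file already imports `messages`, so `messages.error(request, ...)` followed by `redirect('file_list')` keeps the reply in the template/CSP path and does not penalize a user for one stray file, and `request.session.flush()` is redundant with `logout(request)`, which flushes the session itself. Neither `logout` nor `HttpResponse` is imported in the visible lines, so if they are not imported above line 10 this branch raises `NameError` at runtime — confirm. Style-wise, `forbidden_extensions=[...]` rebuilds the list on every request and lacks PEP 8 spacing; a module-level `FORBIDDEN_EXTENSIONS = frozenset({...})` reads better. `upload_file` begins and ends outside this hunk.
```python
# Module level, after the imports: one frozen constant instead of a per-request list.
FORBIDDEN_EXTENSIONS = frozenset({'.html', '.htm', '.php', '.exe', '.js', '.sh', '.bat'})

            # … unchanged: form construction and is_valid() check …
            document = form.save(commit=False)
            ext = os.path.splitext(document.file.name)[1].lower()
            if ext in FORBIDDEN_EXTENSIONS:
                # Report through the messages framework and redirect; no inline
                # script response and no forced logout for a rejected upload.
                messages.error(request, 'Uploading possibly malicious files is forbidden.')
                return redirect('file_list')
            # … unchanged: assign user, save, redirect …
```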


@ -11,7 +11,7 @@
<link rel="stylesheet" href="{% static 'register-style.css' %}" "> <link rel="stylesheet" href="{% static 'register-style.css' %}" ">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">
</head> </head>
<body style="overflow: hidden;"> <body>
<div class="header"> <div class="header">
<div class="header-content"> <div class="header-content">
<a href="/"><img src="{% static 'eversync2.png' %}" alt="Eversync Logo" style="height: 80px; margin-right: 10px; display: flex; align-items: center; gap: 5px;"></a> <a href="/"><img src="{% static 'eversync2.png' %}" alt="Eversync Logo" style="height: 80px; margin-right: 10px; display: flex; align-items: center; gap: 5px;"></a>
@ -60,6 +60,7 @@
{% endif %} {% endif %}
<h1>Your Uploaded Files</h1> <h1>Your Uploaded Files</h1>
<div style="display: inline-block;">
<ul> <ul>
{% for document in documents %} {% for document in documents %}
<li style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 10px;"> <li style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 10px;">
@ -79,7 +80,7 @@
</li> </li>
{% endfor %} {% endfor %}
</ul> </ul>
</div>
<div class="divider"></div> <div class="divider"></div>
<div style="display: flex; justify-content: center;"> <div style="display: flex; justify-content: center;">