Added restricted content types parameter for uploads

2023-08-02 14:16:22 +02:00 · 2017-12-20 11:08:34 -08:00 · 2017-12-20 11:08:34 -08:00 · e6589638bd
commit e6589638bd
parent 1fe63a06bd
3 changed files with 25 additions and 4 deletions
--- a/Teknik/Areas/API/Controllers/APIv1Controller.cs
+++ b/Teknik/Areas/API/Controllers/APIv1Controller.cs
@ -87,6 +87,15 @@ namespace Teknik.Areas.API.Controllers
                                }
                            }

+                            // Check content type restrictions (Only for encrypting server side
+                            if (model.encrypt || !string.IsNullOrEmpty(model.key))
+                            {
+                                if (Config.UploadConfig.RestrictedContentTypes.Contains(model.contentType))
+                                {
+                                    return Json(new { error = new { message = "File Type Not Allowed" } });
+                                }
+                            }
+
                            // Initialize the key size and block size if empty
                            if (model.keySize <= 0)
                                model.keySize = Config.UploadConfig.KeySize;
--- a/Teknik/Areas/Upload/Controllers/UploadController.cs
+++ b/Teknik/Areas/Upload/Controllers/UploadController.cs
@ -1,4 +1,4 @@
-using nClam;
+using nClam;
 using Piwik.Tracker;
 using System;
 using System.Collections.Generic;
@ -84,6 +84,15 @@ namespace Teknik.Areas.Upload.Controllers
                            }
                        }

+                        // Check content type restrictions (Only for encrypting server side
+                        if (encrypt)
+                        {
+                            if (Config.UploadConfig.RestrictedContentTypes.Contains(fileType))
+                            {
+                                return Json(new { error = new { message = "File Type Not Allowed" } });
+                            }
+                        }
+
                        using (TeknikEntities db = new TeknikEntities())
                        {
                            Models.Upload upload = Uploader.SaveFile(db, Config, data.InputStream, fileType, contentLength, encrypt, fileExt, iv, null, keySize, blockSize);
@ -413,4 +422,4 @@ namespace Teknik.Areas.Upload.Controllers
            }
        }
    }
-}
+}
--- a/Utilities/Configuration/UploadConfig.cs
+++ b/Utilities/Configuration/UploadConfig.cs
@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@ -31,6 +31,8 @@ namespace Teknik.Configuration
        public bool VirusScanEnable { get; set; }
        public string ClamServer { get; set; }
        public int ClamPort { get; set; }
+        // Content Type Restrictions
+        public List<string> RestrictedContentTypes { get; set; }

        public UploadConfig()
        {
@ -55,6 +57,7 @@ namespace Teknik.Configuration
            VirusScanEnable = false;
            ClamServer = "localhost";
            ClamPort = 3310;
+            RestrictedContentTypes = new List<string>();
        }
    }
-}
+}