summaryrefslogtreecommitdiff
path: root/fbin
diff options
context:
space:
mode:
authorJon Bergli Heier <snakebite@jvnv.net>2021-03-28 16:38:05 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2021-03-28 16:42:40 +0200
commit7a95ba7647b1bd169a68787f88adc9eeef244883 (patch)
tree8b16e4cdc2d0759ac6ed2c395edd46ee9eb94665 /fbin
parent9abb06be301ccdacc4393873386c34d4f3721f7c (diff)
Add mimetype blacklisting
Add two new configuration options: MIMETYPE_BLACKLIST and MIMETYPE_USER_WHITELIST. Any mimetype in MIMETYPE_BLACKLIST will be sent as either text/plain or application/octet-stream depending on the actual mimetype returned. If the uploader's username is specified in MIMETYPE_USER_WHITELIST, the blacklist is ignored.
Diffstat (limited to 'fbin')
-rwxr-xr-xfbin/fbin.py10
1 files changed, 9 insertions, 1 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py
index c449a55..a195594 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -176,7 +176,15 @@ def _file(hash, ext=None, filename=None):
return path
if not path or not os.path.exists(path):
abort(404)
- return send_file(path, attachment_filename=f.filename)
+ mimetype = f.get_mime_type()
+ # Serve blacklisted mimetypes as either text/plain or application/octet-stream
+ if mimetype in current_app.config['MIMETYPE_BLACKLIST'] and (f.user is None
+ or f.user.username not in current_app.config['MIMETYPE_USER_WHITELIST']):
+ if mimetype.startswith('text/'):
+ mimetype = 'text/plain'
+ else:
+ mimetype = 'application/octet-stream'
+ return send_file(path, mimetype=mimetype, attachment_filename=f.filename)
@app.route('/l')
@app.route('/login')