Sanitizing

SillyLossy
2023-03-21 14:30:06 +02:00
parent 8fef5288b9
commit 20c6cb242b
3 changed files with 54 additions and 4 deletions


@ -14,6 +14,7 @@ const PNGtext = require('png-chunk-text');
const jimp = require('jimp');
const path = require('path');
const sanitize = require('sanitize-filename');
const cookieParser = require('cookie-parser');
const crypto = require('crypto');
@ -615,6 +616,11 @@ app.post("/deletecharacter", urlencodedParser, function (request, response) {
return response.sendStatus(400);
}
if (request.body.avatar_url !== sanitize(request.body.avatar_url)) {
console.error('Malicious filename prevented');
return response.sendStatus(400);
}
const avatarPath = charactersPath + request.body.avatar_url;
if (!fs.existsSync(avatarPath)) {
return response.sendStatus(400);
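Review bot: The new guard in `/deletecharacter` passes `request.body.avatar_url` to `sanitize()` without checking that it is a string. sanitize-filename throws on non-string input, so if the urlencoded parser can yield an array or object for that field (its configuration is not visible in this hunk), such a request ends in an uncaught exception instead of the intended 400. I would tighten the condition to `if (typeof request.body.avatar_url !== 'string' || request.body.avatar_url !== sanitize(request.body.avatar_url)) {`. A short comment above it would also help, e.g. `// Reject any name sanitize() would alter (separators, "..", reserved names) so avatarPath stays inside charactersPath`. The handler starts and continues outside this hunk, so whether later file operations reuse the validated value cannot be confirmed from here.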