rixty/SillyTavern
1
0
Fork 0
mirror of https://github.com/SillyTavern/SillyTavern.git synced 2025-01-05 21:46:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply sanitation to chat names with extension

Browse Source
This commit is contained in:
Cohee 2024-09-16 16:49:32 +00:00
parent 05df2be047
commit 4b2c074399
1 changed files with 12 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/endpoints/chats.js
View File

@ -144,8 +144,8 @@ router.post('/save', jsonParser, function (request, response) {
const directoryName = String(request.body.avatar_url).replace('.png', '');
const chatData = request.body.chat;
const jsonlData = chatData.map(JSON.stringify).join('\n');
const fileName = `${sanitize(String(request.body.file_name))}.jsonl`;
const filePath = path.join(request.user.directories.chats, directoryName, fileName);
const fileName = `${String(request.body.file_name)}.jsonl`;
const filePath = path.join(request.user.directories.chats, directoryName, sanitize(fileName));
writeFileAtomicSync(filePath, jsonlData, 'utf8');
backupChat(request.user.directories.backups, directoryName, jsonlData);
return response.send({ result: 'ok' });
@ -171,14 +171,15 @@ router.post('/get', jsonParser, function (request, response) {
return response.send({});
}
const fileName = path.join(directoryPath, `${sanitize(String(request.body.file_name))}.jsonl`);
const chatFileExists = fs.existsSync(fileName);
const fileName = `${String(request.body.file_name)}.jsonl`;
const filePath = path.join(directoryPath, sanitize(fileName));
const chatFileExists = fs.existsSync(filePath);
if (!chatFileExists) {
return response.send({});
}
const data = fs.readFileSync(fileName, 'utf8');
const data = fs.readFileSync(filePath, 'utf8');
const lines = data.split('\n');
// Iterate through the array of strings and parse each line as JSON
@ -217,28 +218,18 @@ router.post('/rename', jsonParser, async function (request, response) {
});
router.post('/delete', jsonParser, function (request, response) {
if (!request.body) {
console.log('no request body seen');
return response.sendStatus(400);
}
if (request.body.chatfile !== sanitize(request.body.chatfile)) {
console.error('Malicious chat name prevented');
return response.sendStatus(403);
}
const dirName = String(request.body.avatar_url).replace('.png', '');
const fileName = path.join(request.user.directories.chats, dirName, sanitize(String(request.body.chatfile)));
const chatFileExists = fs.existsSync(fileName);
const fileName = String(request.body.chatfile);
const filePath = path.join(request.user.directories.chats, dirName, sanitize(fileName));
const chatFileExists = fs.existsSync(filePath);
if (!chatFileExists) {
console.log(`Chat file not found '${fileName}'`);
console.log(`Chat file not found '${filePath}'`);
return response.sendStatus(400);
} else {
fs.rmSync(fileName);
console.log('Deleted chat file: ' + fileName);
}
fs.rmSync(filePath);
console.log('Deleted chat file: ' + filePath);
return response.send('ok');
});