mirror of
https://github.com/SillyTavern/SillyTavern.git
synced 2025-01-07 15:11:57 +01:00
Apply sanitation to chat names with extension
parent
05df2be047
commit
4b2c074399
@ -144,8 +144,8 @@ router.post('/save', jsonParser, function (request, response) {
|
|||||||
const directoryName = String(request.body.avatar_url).replace('.png', '');
|
const directoryName = String(request.body.avatar_url).replace('.png', '');
|
||||||
const chatData = request.body.chat;
|
const chatData = request.body.chat;
|
||||||
const jsonlData = chatData.map(JSON.stringify).join('\n');
|
const jsonlData = chatData.map(JSON.stringify).join('\n');
|
||||||
const fileName = `${sanitize(String(request.body.file_name))}.jsonl`;
|
const fileName = `${String(request.body.file_name)}.jsonl`;
|
||||||
const filePath = path.join(request.user.directories.chats, directoryName, fileName);
|
const filePath = path.join(request.user.directories.chats, directoryName, sanitize(fileName));
|
||||||
writeFileAtomicSync(filePath, jsonlData, 'utf8');
|
writeFileAtomicSync(filePath, jsonlData, 'utf8');
|
||||||
backupChat(request.user.directories.backups, directoryName, jsonlData);
|
backupChat(request.user.directories.backups, directoryName, jsonlData);
|
||||||
return response.send({ result: 'ok' });
|
return response.send({ result: 'ok' });
|
||||||
@ -171,14 +171,15 @@ router.post('/get', jsonParser, function (request, response) {
|
|||||||
return response.send({});
|
return response.send({});
|
||||||
}
|
}
|
||||||
|
|
||||||
const fileName = path.join(directoryPath, `${sanitize(String(request.body.file_name))}.jsonl`);
|
const fileName = `${String(request.body.file_name)}.jsonl`;
|
||||||
const chatFileExists = fs.existsSync(fileName);
|
const filePath = path.join(directoryPath, sanitize(fileName));
|
||||||
|
const chatFileExists = fs.existsSync(filePath);
|
||||||
|
|
||||||
if (!chatFileExists) {
|
if (!chatFileExists) {
|
||||||
return response.send({});
|
return response.send({});
|
||||||
}
|
}
|
||||||
|
|
||||||
const data = fs.readFileSync(fileName, 'utf8');
|
const data = fs.readFileSync(filePath, 'utf8');
|
||||||
const lines = data.split('\n');
|
const lines = data.split('\n');
|
||||||
|
|
||||||
// Iterate through the array of strings and parse each line as JSON
|
// Iterate through the array of strings and parse each line as JSON
|
||||||
@ -217,28 +218,18 @@ router.post('/rename', jsonParser, async function (request, response) {
|
|||||||
});
|
});
|
||||||
|
|
||||||
router.post('/delete', jsonParser, function (request, response) {
|
router.post('/delete', jsonParser, function (request, response) {
|
||||||
if (!request.body) {
|
|
||||||
console.log('no request body seen');
|
|
||||||
return response.sendStatus(400);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (request.body.chatfile !== sanitize(request.body.chatfile)) {
|
|
||||||
console.error('Malicious chat name prevented');
|
|
||||||
return response.sendStatus(403);
|
|
||||||
}
|
|
||||||
|
|
||||||
const dirName = String(request.body.avatar_url).replace('.png', '');
|
const dirName = String(request.body.avatar_url).replace('.png', '');
|
||||||
const fileName = path.join(request.user.directories.chats, dirName, sanitize(String(request.body.chatfile)));
|
const fileName = String(request.body.chatfile);
|
||||||
const chatFileExists = fs.existsSync(fileName);
|
const filePath = path.join(request.user.directories.chats, dirName, sanitize(fileName));
|
||||||
|
const chatFileExists = fs.existsSync(filePath);
|
||||||
|
|
||||||
if (!chatFileExists) {
|
if (!chatFileExists) {
|
||||||
console.log(`Chat file not found '${fileName}'`);
|
console.log(`Chat file not found '${filePath}'`);
|
||||||
return response.sendStatus(400);
|
return response.sendStatus(400);
|
||||||
} else {
|
|
||||||
fs.rmSync(fileName);
|
|
||||||
console.log('Deleted chat file: ' + fileName);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fs.rmSync(filePath);
|
||||||
|
console.log('Deleted chat file: ' + filePath);
|
||||||
return response.send('ok');
|
return response.send('ok');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
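Review bot: The directory segment is still taken from `request.body.avatar_url` without sanitising in `/save` (`directoryName`) and `/delete` (`dirName`), so this change constrains only the last path component; as far as these lines show, a value containing path separators or `..` would still move `filePath` outside `request.user.directories.chats`, and in `/save` the same value is also handed to `backupChat`. Consider `const dirName = sanitize(String(request.body.avatar_url).replace('.png', ''));` with a 400 response when the result is empty, unless `avatar_url` is already validated in middleware that is not visible on this page. In `/delete` the commit also drops the explicit 403 rejection, and no extension is appended there, so if `sanitize` can return an empty string (as sanitize-filename does for some inputs) `filePath` becomes the chat directory itself, `fs.existsSync` accepts it, and `fs.rmSync` throws on a directory instead of the handler returning a clean 4xx. A guard such as `if (!sanitize(fileName)) return response.sendStatus(400);` before the `path.join` would cover that case. The `/save` and `/get` handlers start and end outside the hunks shown, so checks elsewhere in them cannot be ruled out.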