rixty/SillyTavern
1
0
Fork 0
mirror of https://github.com/SillyTavern/SillyTavern.git synced 2025-06-05 21:59:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Sanitation adjustments

Browse Source
This commit is contained in:
SillyLossy
2023-03-30 00:44:38 +03:00
parent b9ae8efc5b
commit ec3d3d6247
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
public/script.js
View File

@@ -262,6 +262,16 @@ const system_messages = {
}, },
}; };
// refresh token
$(document).ajaxError(function myErrorHandler(_, xhr) {
if (xhr.status == 403) {
$.get("/csrf-token").then((data) => {
console.log('refreshed csrf token');
token = data.token;
});
}
});
const talkativeness_default = 0.5; const talkativeness_default = 0.5;
var is_advanced_char_open = false; var is_advanced_char_open = false;

4
server.js
View File

@@ -622,7 +622,7 @@ app.post("/deletecharacter", urlencodedParser, function (request, response) {
invalidateThumbnail('avatar', request.body.avatar_url); invalidateThumbnail('avatar', request.body.avatar_url);
let dir_name = (request.body.avatar_url.replace('.png', '')); let dir_name = (request.body.avatar_url.replace('.png', ''));
if (dir_name !== sanitize(dir_name)) { if (!dir_name.length) {
console.error('Malicious dirname prevented'); console.error('Malicious dirname prevented');
return response.sendStatus(403); return response.sendStatus(403);
} }
@@ -1713,7 +1713,7 @@ async function generateThumbnail(type, file) {
app.get('/thumbnail', jsonParser, async function (request, response) { app.get('/thumbnail', jsonParser, async function (request, response) {
const type = request.query.type; const type = request.query.type;
const file = request.query.file; const file = sanitize(request.query.file);
if (!type || !file) { if (!type || !file) {
return response.sendStatus(400); return response.sendStatus(400);