mirror of
https://github.com/drakkan/sftpgo.git
synced 2025-12-07 14:50:55 +03:00
Nicola Murino
92
httpd/web.go
92
httpd/web.go
@@ -6,7 +6,6 @@ import (
|
||||
"html/template"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
@@ -308,8 +307,8 @@ func getSliceFromDelimitedValues(values, delimiter string) []string {
|
||||
return result
|
||||
}
|
||||
|
||||
func getFileExtensionsFromPostField(value string, extesionsType int) []dataprovider.ExtensionsFilter {
|
||||
var result []dataprovider.ExtensionsFilter
|
||||
func getListFromPostFields(value string) map[string][]string {
|
||||
result := make(map[string][]string)
|
||||
for _, cleaned := range getSliceFromDelimitedValues(value, "\n") {
|
||||
if strings.Contains(cleaned, "::") {
|
||||
dirExts := strings.Split(cleaned, "::")
|
||||
@@ -319,22 +318,16 @@ func getFileExtensionsFromPostField(value string, extesionsType int) []dataprovi
|
||||
exts := []string{}
|
||||
for _, e := range strings.Split(dirExts[1], ",") {
|
||||
cleanedExt := strings.TrimSpace(e)
|
||||
if len(cleanedExt) > 0 {
|
||||
if cleanedExt != "" {
|
||||
exts = append(exts, cleanedExt)
|
||||
}
|
||||
}
|
||||
if len(dir) > 0 {
|
||||
filter := dataprovider.ExtensionsFilter{
|
||||
Path: dir,
|
||||
}
|
||||
if extesionsType == 1 {
|
||||
filter.AllowedExtensions = exts
|
||||
filter.DeniedExtensions = []string{}
|
||||
if dir != "" {
|
||||
if _, ok := result[dir]; ok {
|
||||
result[dir] = append(result[dir], exts...)
|
||||
} else {
|
||||
filter.DeniedExtensions = exts
|
||||
filter.AllowedExtensions = []string{}
|
||||
result[dir] = exts
|
||||
}
|
||||
result = append(result, filter)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -342,6 +335,42 @@ func getFileExtensionsFromPostField(value string, extesionsType int) []dataprovi
|
||||
return result
|
||||
}
|
||||
|
||||
func getFilePatternsFromPostField(value string, extesionsType int) []dataprovider.PatternsFilter {
|
||||
var result []dataprovider.PatternsFilter
|
||||
for dir, values := range getListFromPostFields(value) {
|
||||
filter := dataprovider.PatternsFilter{
|
||||
Path: dir,
|
||||
}
|
||||
if extesionsType == 1 {
|
||||
filter.AllowedPatterns = values
|
||||
filter.DeniedPatterns = []string{}
|
||||
} else {
|
||||
filter.DeniedPatterns = values
|
||||
filter.AllowedPatterns = []string{}
|
||||
}
|
||||
result = append(result, filter)
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func getFileExtensionsFromPostField(value string, extesionsType int) []dataprovider.ExtensionsFilter {
|
||||
var result []dataprovider.ExtensionsFilter
|
||||
for dir, values := range getListFromPostFields(value) {
|
||||
filter := dataprovider.ExtensionsFilter{
|
||||
Path: dir,
|
||||
}
|
||||
if extesionsType == 1 {
|
||||
filter.AllowedExtensions = values
|
||||
filter.DeniedExtensions = []string{}
|
||||
} else {
|
||||
filter.DeniedExtensions = values
|
||||
filter.AllowedExtensions = []string{}
|
||||
}
|
||||
result = append(result, filter)
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func getFiltersFromUserPostFields(r *http.Request) dataprovider.UserFilters {
|
||||
var filters dataprovider.UserFilters
|
||||
filters.AllowedIP = getSliceFromDelimitedValues(r.Form.Get("allowed_ip"), ",")
|
||||
@@ -351,33 +380,16 @@ func getFiltersFromUserPostFields(r *http.Request) dataprovider.UserFilters {
|
||||
allowedExtensions := getFileExtensionsFromPostField(r.Form.Get("allowed_extensions"), 1)
|
||||
deniedExtensions := getFileExtensionsFromPostField(r.Form.Get("denied_extensions"), 2)
|
||||
extensions := []dataprovider.ExtensionsFilter{}
|
||||
if len(allowedExtensions) > 0 && len(deniedExtensions) > 0 {
|
||||
for _, allowed := range allowedExtensions {
|
||||
for _, denied := range deniedExtensions {
|
||||
if path.Clean(allowed.Path) == path.Clean(denied.Path) {
|
||||
allowed.DeniedExtensions = append(allowed.DeniedExtensions, denied.DeniedExtensions...)
|
||||
}
|
||||
}
|
||||
extensions = append(extensions, allowed)
|
||||
}
|
||||
for _, denied := range deniedExtensions {
|
||||
found := false
|
||||
for _, allowed := range allowedExtensions {
|
||||
if path.Clean(denied.Path) == path.Clean(allowed.Path) {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
extensions = append(extensions, denied)
|
||||
}
|
||||
}
|
||||
} else if len(allowedExtensions) > 0 {
|
||||
extensions = append(extensions, allowedExtensions...)
|
||||
} else if len(deniedExtensions) > 0 {
|
||||
extensions = append(extensions, deniedExtensions...)
|
||||
}
|
||||
extensions = append(extensions, allowedExtensions...)
|
||||
extensions = append(extensions, deniedExtensions...)
|
||||
filters.FileExtensions = extensions
|
||||
allowedPatterns := getFilePatternsFromPostField(r.Form.Get("allowed_patterns"), 1)
|
||||
deniedPatterns := getFilePatternsFromPostField(r.Form.Get("denied_patterns"), 2)
|
||||
patterns := []dataprovider.PatternsFilter{}
|
||||
patterns = append(patterns, allowedPatterns...)
|
||||
patterns = append(patterns, deniedPatterns...)
|
||||
filters.FilePatterns = patterns
|
||||
|
||||
return filters
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user