# HG changeset patch # User Kim Alvefur # Date 1500758053 -7200 # Node ID d48faff92490e07cc986370f890e633b851f1910 # Parent cd828b1cb5b91c8ffbe6d62c7cc61e9a40b5a560 mod_http_upload: Remove MIME type restrictions and checking (fixes #958) diff -r cd828b1cb5b9 -r d48faff92490 mod_http_upload/README.markdown --- a/mod_http_upload/README.markdown Sun Jul 16 19:29:05 2017 +0100 +++ b/mod_http_upload/README.markdown Sat Jul 22 23:14:13 2017 +0200 @@ -55,14 +55,6 @@ http_upload_quota = 1234 -- bytes ``` -### File types - -Accepted file types can be limited by MIME type: - -``` lua -http_upload_allowed_file_types = { "image/*", "text/plain" } -``` - Path ---- diff -r cd828b1cb5b9 -r d48faff92490 mod_http_upload/mod_http_upload.lua --- a/mod_http_upload/mod_http_upload.lua Sun Jul 16 19:29:05 2017 +0100 +++ b/mod_http_upload/mod_http_upload.lua Sat Jul 22 23:14:13 2017 +0200 @@ -31,7 +31,6 @@ local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB local quota = module:get_option_number(module.name .. "_quota"); local max_age = module:get_option_number(module.name .. "_expire_after"); -local allowed_file_types = module:get_option_set(module.name .. "_allowed_file_types"); --- sanity local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024); @@ -46,7 +45,6 @@ module:depends("disco"); local http_files = module:depends("http_files"); -local mime_map = module:shared("/*/http_files/mime").types; -- namespaces local namespace = "urn:xmpp:http:upload:0"; @@ -110,7 +108,7 @@ return sum < quota; end -local function handle_request(origin, stanza, xmlns, filename, filesize, mimetype) +local function handle_request(origin, stanza, xmlns, filename, filesize) local username, host = origin.username, origin.host; -- local clients only if origin.type ~= "c2s" then @@ -141,28 +139,6 @@ return true; end - if mime_map then - local file_ext = filename:match("%.([^.]+)$"); - if not mimetype then - mimetype = "application/octet-stream"; - if file_ext then - mimetype = mime_map[file_ext] or mimetype; - end - else - if (not file_ext and mimetype ~= "application/octet-stream") or (file_ext and mime_map[file_ext] ~= mimetype) then - origin.send(st.error_reply(stanza, "modify", "bad-request", "MIME type does not match file extension")); - return true; - end - end - end - - if allowed_file_types then - if not (allowed_file_types:contains(mimetype) or allowed_file_types:contains(mimetype:gsub("/.*", "/*"))) then - origin.send(st.error_reply(stanza, "cancel", "not-allowed", "File type not allowed")); - return true; - end - end - local reply = st.reply(stanza); reply:tag("slot", { xmlns = xmlns }); @@ -207,8 +183,7 @@ local request = stanza.tags[1]; local filename = request.attr.filename; local filesize = tonumber(request.attr.size); - local mimetype = request.attr["content-type"]; - return handle_request(origin, stanza, namespace, filename, filesize, mimetype); + return handle_request(origin, stanza, namespace, filename, filesize); end); module:hook("iq/host/"..legacy_namespace..":request", function (event) @@ -216,8 +191,7 @@ local request = stanza.tags[1]; local filename = request:get_child_text("filename"); local filesize = tonumber(request:get_child_text("size")); - local mimetype = request:get_child_text("content-type"); - return handle_request(origin, stanza, legacy_namespace, filename, filesize, mimetype); + return handle_request(origin, stanza, legacy_namespace, filename, filesize); end); -- http service