changeset 2683:d0948bd96a7b

mod_http_upload: Add support for limiting file types to upload
author Kim Alvefur <zash@zash.se>
date Thu, 13 Apr 2017 20:29:41 +0200
parents 3fd50495c89d
children e491a15d7621
files mod_http_upload/README.markdown mod_http_upload/mod_http_upload.lua
diffstat 2 files changed, 16 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_upload/README.markdown	Thu Apr 13 20:26:24 2017 +0200
+++ b/mod_http_upload/README.markdown	Thu Apr 13 20:29:41 2017 +0200
@@ -55,6 +55,14 @@
 http_upload_quota = 1234 -- bytes
 ```
 
+### File types
+
+Accepted file types can be limited by MIME type:
+
+``` lua
+http_upload_allowed_file_types = { "image/*", "text/plain" }
+```
+
 Path
 ----
 
--- a/mod_http_upload/mod_http_upload.lua	Thu Apr 13 20:26:24 2017 +0200
+++ b/mod_http_upload/mod_http_upload.lua	Thu Apr 13 20:29:41 2017 +0200
@@ -31,6 +31,7 @@
 local file_size_limit = module:get_option_number(module.name .. "_file_size_limit", 1024 * 1024); -- 1 MB
 local quota = module:get_option_number(module.name .. "_quota");
 local max_age = module:get_option_number(module.name .. "_expire_after");
+local allowed_file_types = module:get_option_set(module.name .. "_allowed_file_types");
 
 --- sanity
 local parser_body_limit = module:context("*"):get_option_number("http_max_content_size", 10*1024*1024);
@@ -140,6 +141,13 @@
 		end
 	end
 
+	if allowed_file_types then
+		if not (allowed_file_types:contains(mimetype) or allowed_file_types:contains(mimetype:gsub("/.*", "/*"))) then
+			origin.send(st.error_reply(stanza, "cancel", "not-allowed", "File type not allowed"));
+			return true;
+		end
+	end
+
 	local reply = st.reply(stanza);
 	reply:tag("slot", { xmlns = xmlns });