author | FChannel <=> | 2021-01-18 04:41:21 -0800 |
---|---|---|
committer | FChannel <=> | 2021-01-18 04:41:21 -0800 |
commit | 8244af05eaa9f66df12095c76309b454bde525d7 (patch) | |
tree | b96a62c2af1597ab77dbaf042c54e43c680b5bc1 /main.go | |
parent | 78ccd8e434d24dccaeec0c1c6fb14f5c991bd567 (diff) |
fixed sql injection vulnerabilities.
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 20 |
1 files changed, 15 insertions, 5 deletions
@@ -52,7 +52,8 @@ func main() { if GetConfigValue("instancename") != "" { CreateNewBoardDB(db, *CreateNewActor("", GetConfigValue("instancename"), GetConfigValue("instancesummary"), authReq, false)) } - + + CreateNewBoardDB(db, *CreateNewActor("m", "me", "me so go go", authReq, false)) // Allow access to public media folder fileServer := http.FileServer(http.Dir("./public")) @@ -219,8 +220,15 @@ func main() { return } - id := values - DeleteObject(db, id) + var obj ObjectBase + obj.Id = values + + count, _ := GetObjectRepliesDBCount(db, obj) + if count == 0 { + DeleteObject(db, obj.Id) + } else { + DeleteObjectAndReplies(db, obj.Id) + } w.Write([]byte("")) }) @@ -248,6 +256,7 @@ func main() { id := values DeleteAttachmentFromFile(db, id) + DeletePreviewFromFile(db, id) w.Write([]byte("")) }) @@ -258,7 +267,6 @@ func main() { header := r.Header.Get("Authorization") auth := strings.Split(header, " ") - if close == "1" { if !IsIDLocal(db, id) || len(auth) < 2 { w.WriteHeader(http.StatusBadRequest) @@ -266,6 +274,8 @@ func main() { return } + + actor := GetActorFromPath(db, id, "/") if !HasAuth(db, auth[1], actor.Id) { @@ -584,7 +594,7 @@ func CreatePreviewObject(obj ObjectBase) *NestedObjectBase { objFile := re.FindString(obj.Href) - cmd := exec.Command("convert", "." + objFile ,"-resize", "250x250", "." + href) + cmd := exec.Command("convert", "." + objFile ,"-resize", "250x250>", "." + href) err := cmd.Run() |
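Review bot: The added `CreateNewBoardDB(db, *CreateNewActor("m", "me", "me so go go", authReq, false))` in the first hunk runs unconditionally on every start of main(), unlike the instance board just above it, which is guarded by `GetConfigValue("instancename") != ""`. It reads like a leftover test fixture and is unrelated to the SQL-injection fix named in the commit title; as written, every deployment would get a hard-coded `m` board. I would drop the line from this commit, or put it behind a config value the same way the instance actor is. main() continues outside the hunk.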
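Review bot: In the second hunk (`@@ -219,8 +220,15 @@`) the second result of `GetObjectRepliesDBCount` is dropped in `count, _ := GetObjectRepliesDBCount(db, obj)`, and its type is not visible here. If it is an error, a failed count reads as zero, the handler takes the `DeleteObject` branch and the replies are left behind, while the client still gets the empty success body. In that case I would keep the value as `count, err := GetObjectRepliesDBCount(db, obj)` and return early with `w.WriteHeader(http.StatusInternalServerError)` when `err != nil`. If it is not an error, a short comment saying what is being ignored would do. The handler starts and ends outside the hunk, so the checks applied to `values` before this point cannot be seen.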
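Review bot: The `convert` call in the last hunk (`@@ -584,7 +594,7 @@`) still runs through `cmd.Run()` with no deadline, and its input path is `"." + objFile`, built from a regexp match on `obj.Href`. A malformed or very large attachment can therefore hold the caller for as long as ImageMagick takes. Consider `exec.CommandContext(ctx, "convert", ...)` with a timeout, and check that the joined path stays under the media directory before running it; the regexp is outside the hunk, so whether it already constrains the path cannot be told from here. A one-line comment on `"250x250>"` (the `>` means only shrink images larger than the box) would also help, since it reads like a typo. CreatePreviewObject continues outside the hunk.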