Diffstat (limited to 'outboxPost.go')
-rw-r--r--outboxPost.go41
1 files changed, 39 insertions, 2 deletions
diff --git a/outboxPost.go b/outboxPost.go
index 356647e..a827e21 100644
--- a/outboxPost.go
+++ b/outboxPost.go
@@ -7,6 +7,7 @@ import _ "github.com/lib/pq"
import "encoding/json"
import "reflect"
import "io/ioutil"
+import "mime/multipart"
import "os"
import "regexp"
import "strings"
@@ -24,6 +25,8 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) {
r.ParseMultipartForm(5 << 20)
if(BoardHasAuthType(db, actor.Name, "captcha") && CheckCaptcha(db, r.FormValue("captcha"))) {
f, header, _ := r.FormFile("file")
+ defer f.Close()
+
if(header != nil) {
if(header.Size > (7 << 20)){
w.WriteHeader(http.StatusRequestEntityTooLarge)
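Review bot: The added `defer f.Close()` is registered even when no file was uploaded, so it can panic on a nil `f`. The error from `r.FormFile("file")` is discarded, and the `header != nil` test just below suggests an attachment is optional; in that case the deferred call would panic when the handler returns. Guard it with `if f != nil { defer f.Close() }`, or move the defer inside the `header != nil` branch. ParseOutboxRequest starts and ends outside this hunk, so how the rest of the body uses `f` is not visible here.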
@@ -31,6 +34,12 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) {
return
}
+ if(IsMediaBanned(db, f)) {
+ fmt.Println("media banned")
+ http.Redirect(w, r, Domain, http.StatusSeeOther)
+ return
+ }
+
contentType, _ := GetFileContentType(f)
if(!SupportedMIMEType(contentType)) {
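Review bot: The rejection path logs only the fixed string `"media banned"`, which leaves no way to tell which board was targeted or whether the same banned file is being retried. Since `actor.Name` is already used earlier in this function, something like `fmt.Println("media banned: upload rejected for board", actor.Name)` would give moderators a usable record, assuming `actor` is still in scope at this point. Returning the matched hash from the ban check so it can be logged as well would make repeat attempts easy to correlate. The enclosing function continues outside this hunk.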
@@ -39,7 +48,7 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) {
return
}
}
-
+
var nObj = CreateObject("Note")
nObj = ObjectFromForm(r, db, nObj)
@@ -339,7 +348,6 @@ func ObjectFromForm(r *http.Request, db *sql.DB, obj ObjectBase) ObjectBase {
err := cmd.Run()
CheckError(err, "error with removing exif data from image")
-
}
obj.Preview = CreatePreviewObject(obj.Attachment[0])
@@ -617,3 +625,32 @@ func MakeActivityFollowingReq(w http.ResponseWriter, r *http.Request, activity A
return false
}
+
+func IsMediaBanned(db *sql.DB, f multipart.File) bool {
+ f.Seek(0, 0)
+
+ fileBytes, _ := ioutil.ReadAll(f)
+
+ hash := HashBytes(fileBytes)
+
+ f.Seek(0, 0)
+
+ query := `select hash from bannedmedia where hash=$1`
+
+ rows, err := db.Query(query, hash)
+
+ CheckError(err, "could not get hash from banned media in db")
+
+ var h string
+
+ defer rows.Close()
+
+ rows.Next()
+ rows.Scan(&h)
+
+ if h == hash {
+ return true
+ }
+
+ return false
+}
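Review bot: IsMediaBanned fails open and can panic on its error paths. The results of both `f.Seek` calls, `ioutil.ReadAll` and `rows.Scan` are discarded, so a failed or short read hashes the wrong bytes and the upload is treated as not banned. If `db.Query` fails, `rows` is nil and `rows.Next()` / `rows.Close()` dereference it, unless CheckError (not shown here) stops execution. A single-row lookup with `db.QueryRow(...).Scan(&h)` removes the nil-rows case and lets each error produce an explicit decision. The sketch below rejects the upload on error, which is a policy choice to confirm with the maintainers.

```go
func IsMediaBanned(db *sql.DB, f multipart.File) bool {
	if _, err := f.Seek(0, 0); err != nil {
		CheckError(err, "could not rewind upload before hashing")
		return true // fail closed: an upload that cannot be hashed must not skip the ban list
	}

	fileBytes, err := ioutil.ReadAll(f)
	if err != nil {
		CheckError(err, "could not read upload for hashing")
		return true
	}
	// … unchanged: hash := HashBytes(fileBytes) and the rewind of f …

	var h string
	err = db.QueryRow(`select hash from bannedmedia where hash=$1`, hash).Scan(&h)
	if err == sql.ErrNoRows {
		return false // no matching row: the file is not on the ban list
	}
	CheckError(err, "could not get hash from banned media in db")
	return err != nil || h == hash
}
```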