v0.9.73 - also some security updates
This commit is contained in:
zefie
@@ -1104,7 +1104,7 @@ async function processURL(socket, request_headers, pc_services = false) {
|
||||
headers += "minisrv-no-mail-count: true\n";
|
||||
data = "";
|
||||
sendToClient(socket, headers, data);
|
||||
console.warn(" * Lockdown rejected request for " + shortURL + " on socket ID", socket.id);
|
||||
console.warn(" * Lockdown rejected request for %s on socket ID %d", shortURL, socket.id);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1116,7 +1116,7 @@ async function processURL(socket, request_headers, pc_services = false) {
|
||||
headers += "minisrv-no-mail-count: true\n";
|
||||
data = "";
|
||||
sendToClient(socket, headers, data);
|
||||
console.warn(" * Incomplete login rejected request for " + shortURL + " on socket ID", socket.id);
|
||||
console.warn(" * Incomplete login rejected request for %s on socket ID %d", shortURL, socket.id);
|
||||
return;
|
||||
}
|
||||
}
|
||||
@@ -1136,15 +1136,15 @@ Location: ${minisrv_config.config.unauthorized_url}
|
||||
minisrv-no-mail-count: true`;
|
||||
data = "";
|
||||
sendToClient(socket, headers, data);
|
||||
console.warn(" * Rejected login bypass request for " + shortURL + " on socket ID", socket.id);
|
||||
console.warn(" * Rejected login bypass request for %s on socket ID %d", shortURL, socket.id);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (pc_services) {
|
||||
const ssl = (socket.ssl) ? true : false;
|
||||
if (original_service_name === service_name) console.log(" * " + ((ssl) ? "SSL " : "") + "PC request on service " + service_name + " for " + request_headers.request_url, 'on', socket.id);
|
||||
else console.log(" * " + ((ssl) ? "SSL " : "") + "PC request on service " + original_service_name + " (Service Vault " + service_name + ") for " + request_headers.request_url, 'on', socket.id);
|
||||
if (original_service_name === service_name) console.log(" * PC" + ((ssl) ? "SSL " : "") + "PC request on service %s for %s on %d", service_name, request_headers.request_url, socket.id);
|
||||
else console.log(" * " + ((ssl) ? "SSL " : "") + "PC request on service %s (Service Vault %s) for %s on %d", original_service_name, service_name, request_headers.request_url, socket.id);
|
||||
}
|
||||
|
||||
if ((shortURL.includes(':/')) && (!shortURL.includes('://') || (shortURL.includes('://') && allow_double_slash) && uses_service_vault)) {
|
||||
@@ -1158,9 +1158,9 @@ minisrv-no-mail-count: true`;
|
||||
let reqverb = "Request";
|
||||
if (request_headers.encrypted || request_headers.secure) reqverb = "Encrypted " + reqverb;
|
||||
if (ssid !== null) {
|
||||
console.log(" * " + reqverb + " for " + request_headers.request_url + " from WebTV SSID " + (await wtvshared.filterSSID(ssid)), 'on', socket.id);
|
||||
console.log(" * " + reqverb + " for %s from WebTV SSID %s on socket ID %d", request_headers.request_url, await wtvshared.filterSSID(ssid), socket.id);
|
||||
} else {
|
||||
console.log(" * " + reqverb + " for " + request_headers.request_url, 'on', socket.id);
|
||||
console.log(" * " + reqverb + " for %s on socket ID %d", request_headers.request_url, socket.id);
|
||||
}
|
||||
|
||||
if (!service_name) {
|
||||
@@ -2469,16 +2469,17 @@ Content-type: text/html`;
|
||||
if (typeof (req.body) === "string") {
|
||||
request_headers.post_data = req.body;
|
||||
} else if (Buffer.isBuffer(req.body)) {
|
||||
if (req.body.length > (minisrv_config.config.max_post_length * 1024 * 1024)) {
|
||||
const bodyString = req.body.toString('utf8');
|
||||
if (bodyString.length > (minisrv_config.config.max_post_length * 1024 * 1024)) {
|
||||
errpage = wtvshared.doErrorPage("400", "POST size too large", null, true);
|
||||
} else {
|
||||
request_headers.post_data = "";
|
||||
for (let i = 0; i < req.body.length; i++) {
|
||||
request_headers.post_data += String.fromCharCode(req.body[i]);
|
||||
for (let i = 0; i < bodyString.length; i++) {
|
||||
request_headers.post_data += String.fromCharCode(bodyString.charCodeAt(i));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
request_headers.post_data = req.body.toString();
|
||||
request_headers.post_data = req.body.toString('utf8');
|
||||
}
|
||||
} else {
|
||||
request_headers.post_data = ""; // Invalid type (array/object), possible type confusion attack
|
||||
|
||||
@@ -665,11 +665,11 @@ class WebTVClientSimulator {
|
||||
|
||||
// Parse headers first to check content-length
|
||||
const lines = headerSection.split(/\r?\n/);
|
||||
const statusLine = lines[0].replace('\r', '');
|
||||
const statusLine = lines[0].replaceAll('\r', '');
|
||||
|
||||
const headers = {};
|
||||
for (let i = 1; i < lines.length; i++) {
|
||||
const line = lines[i].replace('\r', '');
|
||||
const line = lines[i].replaceAll('\r', '');
|
||||
const colonIndex = line.indexOf(':');
|
||||
if (colonIndex > 0) {
|
||||
const key = line.slice(0, colonIndex).toLowerCase();
|
||||
@@ -807,12 +807,12 @@ class WebTVClientSimulator {
|
||||
bodyBuf = Buffer.alloc(0);
|
||||
}
|
||||
const lines = headerSection.split(/\r?\n/);
|
||||
const statusLine = lines[0].replace('\r', '');
|
||||
const statusLine = lines[0].replaceAll('\r', '');
|
||||
this.debugLog(`Status: ${statusLine}`);
|
||||
// Parse headers
|
||||
const headers = {};
|
||||
for (let i = 1; i < lines.length; i++) {
|
||||
const line = lines[i].replace('\r', '');
|
||||
const line = lines[i].replaceAll('\r', '');
|
||||
const colonIndex = line.indexOf(':');
|
||||
if (colonIndex > 0) {
|
||||
const key = line.slice(0, colonIndex).toLowerCase();
|
||||
@@ -1411,12 +1411,12 @@ class WebTVClientSimulator {
|
||||
bodyBuf = Buffer.alloc(0);
|
||||
}
|
||||
const lines = headerSection.split(/\r?\n/);
|
||||
const statusLine = lines[0].replace('\r', '');
|
||||
const statusLine = lines[0].replaceAll('\r', '');
|
||||
this.debugLog(`Content Status: ${statusLine}`);
|
||||
// Parse headers
|
||||
const headers = {};
|
||||
for (let i = 1; i < lines.length; i++) {
|
||||
const line = lines[i].replace('\r', '');
|
||||
const line = lines[i].replaceAll('\r', '');
|
||||
const colonIndex = line.indexOf(':');
|
||||
if (colonIndex > 0) {
|
||||
const key = line.slice(0, colonIndex).toLowerCase();
|
||||
|
||||
@@ -110,7 +110,7 @@ Choose the songs that you'd like to include.
|
||||
let songTitle = musicList[k]['title'];
|
||||
if (songTitle.length > strLenLimit) songTitle = musicList[k]['title'].slice(0, strLenLimit - 3) + "...";
|
||||
if (musicList.length > 14) data += '<font size="-2">';
|
||||
data += `<a href="${musicList[k]['url']}?wtv-title=${wtvshared.escape(musicList[k]['title'])}" onmouseout="clearTitle()" onmouseover="showTitle('${musicList[k]['title'].replace(/\'/g, "\\'")}')">${songTitle}</a>
|
||||
data += `<a href="${musicList[k]['url']}?wtv-title=${wtvshared.escape(musicList[k]['title'])}" onmouseout="clearTitle()" onmouseover="showTitle('${musicList[k]['title'].replaceAll(/\'/g, "\\'")}')">${songTitle}</a>
|
||||
</td></tr></tbody></table>`;
|
||||
if (musicList.length > 14) data += '</font>';
|
||||
songsListed++;
|
||||
|
||||
@@ -242,7 +242,7 @@ class WTVMail {
|
||||
else {
|
||||
msg += line.replace(/\$\{(\w{1,})\}/g, function (x) {
|
||||
let out = '';
|
||||
const tag = x.replace("${", '').replace('}', '');
|
||||
const tag = x.replaceAll("${", '').replaceAll('}', '');
|
||||
if (available_tags[tag]) out = available_tags[tag];
|
||||
return out
|
||||
}) + "\n";
|
||||
|
||||
4
zefie_wtvp_minisrv/package-lock.json
generated
4
zefie_wtvp_minisrv/package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "zefie_wtvp_minisrv",
|
||||
"version": "0.9.72",
|
||||
"version": "0.9.73",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "zefie_wtvp_minisrv",
|
||||
"version": "0.9.72",
|
||||
"version": "0.9.73",
|
||||
"license": "GPL3",
|
||||
"dependencies": {
|
||||
"@serialport/parser-readline": "^13.0.0",
|
||||
|
||||
Reference in New Issue
Block a user