zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.9.73 - also some security updates

Browse Source
This commit is contained in:
zefie
2026-04-23 22:00:08 -04:00
parent 65e048d3fb
commit 9066ea7501
5 changed files with 22 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
zefie_wtvp_minisrv/app.js
View File

@@ -1104,7 +1104,7 @@ async function processURL(socket, request_headers, pc_services = false) {
headers += "minisrv-no-mail-count: true\n"; headers += "minisrv-no-mail-count: true\n";
data = ""; data = "";
sendToClient(socket, headers, data); sendToClient(socket, headers, data);
console.warn(" * Lockdown rejected request for " + shortURL + " on socket ID", socket.id); console.warn(" * Lockdown rejected request for %s on socket ID %d", shortURL, socket.id);
return; return;
} }
@@ -1116,7 +1116,7 @@ async function processURL(socket, request_headers, pc_services = false) {
headers += "minisrv-no-mail-count: true\n"; headers += "minisrv-no-mail-count: true\n";
data = ""; data = "";
sendToClient(socket, headers, data); sendToClient(socket, headers, data);
console.warn(" * Incomplete login rejected request for " + shortURL + " on socket ID", socket.id); console.warn(" * Incomplete login rejected request for %s on socket ID %d", shortURL, socket.id);
return; return;
} }
} }
@@ -1136,15 +1136,15 @@ Location: ${minisrv_config.config.unauthorized_url}
minisrv-no-mail-count: true`; minisrv-no-mail-count: true`;
data = ""; data = "";
sendToClient(socket, headers, data); sendToClient(socket, headers, data);
console.warn(" * Rejected login bypass request for " + shortURL + " on socket ID", socket.id); console.warn(" * Rejected login bypass request for %s on socket ID %d", shortURL, socket.id);
return; return;
} }
} }
if (pc_services) { if (pc_services) {
const ssl = (socket.ssl) ? true : false; const ssl = (socket.ssl) ? true : false;
if (original_service_name === service_name) console.log(" * " + ((ssl) ? "SSL " : "") + "PC request on service " + service_name + " for " + request_headers.request_url, 'on', socket.id); if (original_service_name === service_name) console.log(" * PC" + ((ssl) ? "SSL " : "") + "PC request on service %s for %s on %d", service_name, request_headers.request_url, socket.id);
else console.log(" * " + ((ssl) ? "SSL " : "") + "PC request on service " + original_service_name + " (Service Vault " + service_name + ") for " + request_headers.request_url, 'on', socket.id); else console.log(" * " + ((ssl) ? "SSL " : "") + "PC request on service %s (Service Vault %s) for %s on %d", original_service_name, service_name, request_headers.request_url, socket.id);
} }
if ((shortURL.includes(':/')) && (!shortURL.includes('://') || (shortURL.includes('://') && allow_double_slash) && uses_service_vault)) { if ((shortURL.includes(':/')) && (!shortURL.includes('://') || (shortURL.includes('://') && allow_double_slash) && uses_service_vault)) {
@@ -1158,9 +1158,9 @@ minisrv-no-mail-count: true`;
let reqverb = "Request"; let reqverb = "Request";
if (request_headers.encrypted || request_headers.secure) reqverb = "Encrypted " + reqverb; if (request_headers.encrypted || request_headers.secure) reqverb = "Encrypted " + reqverb;
if (ssid !== null) { if (ssid !== null) {
console.log(" * " + reqverb + " for " + request_headers.request_url + " from WebTV SSID " + (await wtvshared.filterSSID(ssid)), 'on', socket.id); console.log(" * " + reqverb + " for %s from WebTV SSID %s on socket ID %d", request_headers.request_url, await wtvshared.filterSSID(ssid), socket.id);
} else { } else {
console.log(" * " + reqverb + " for " + request_headers.request_url, 'on', socket.id); console.log(" * " + reqverb + " for %s on socket ID %d", request_headers.request_url, socket.id);
} }
if (!service_name) { if (!service_name) {
@@ -2469,16 +2469,17 @@ Content-type: text/html`;
if (typeof (req.body) === "string") { if (typeof (req.body) === "string") {
request_headers.post_data = req.body; request_headers.post_data = req.body;
} else if (Buffer.isBuffer(req.body)) { } else if (Buffer.isBuffer(req.body)) {
if (req.body.length > (minisrv_config.config.max_post_length * 1024 * 1024)) { const bodyString = req.body.toString('utf8');
if (bodyString.length > (minisrv_config.config.max_post_length * 1024 * 1024)) {
errpage = wtvshared.doErrorPage("400", "POST size too large", null, true); errpage = wtvshared.doErrorPage("400", "POST size too large", null, true);
} else { } else {
request_headers.post_data = ""; request_headers.post_data = "";
for (let i = 0; i < req.body.length; i++) { for (let i = 0; i < bodyString.length; i++) {
request_headers.post_data += String.fromCharCode(req.body[i]); request_headers.post_data += String.fromCharCode(bodyString.charCodeAt(i));
} }
} }
} else { } else {
request_headers.post_data = req.body.toString(); request_headers.post_data = req.body.toString('utf8');
} }
} else { } else {
request_headers.post_data = ""; // Invalid type (array/object), possible type confusion attack request_headers.post_data = ""; // Invalid type (array/object), possible type confusion attack

12
zefie_wtvp_minisrv/client_sim.js
View File

@@ -665,11 +665,11 @@ class WebTVClientSimulator {
// Parse headers first to check content-length // Parse headers first to check content-length
const lines = headerSection.split(/\r?\n/); const lines = headerSection.split(/\r?\n/);
const statusLine = lines[0].replace('\r', ''); const statusLine = lines[0].replaceAll('\r', '');
const headers = {}; const headers = {};
for (let i = 1; i < lines.length; i++) { for (let i = 1; i < lines.length; i++) {
const line = lines[i].replace('\r', ''); const line = lines[i].replaceAll('\r', '');
const colonIndex = line.indexOf(':'); const colonIndex = line.indexOf(':');
if (colonIndex > 0) { if (colonIndex > 0) {
const key = line.slice(0, colonIndex).toLowerCase(); const key = line.slice(0, colonIndex).toLowerCase();
@@ -807,12 +807,12 @@ class WebTVClientSimulator {
bodyBuf = Buffer.alloc(0); bodyBuf = Buffer.alloc(0);
} }
const lines = headerSection.split(/\r?\n/); const lines = headerSection.split(/\r?\n/);
const statusLine = lines[0].replace('\r', ''); const statusLine = lines[0].replaceAll('\r', '');
this.debugLog(`Status: ${statusLine}`); this.debugLog(`Status: ${statusLine}`);
// Parse headers // Parse headers
const headers = {}; const headers = {};
for (let i = 1; i < lines.length; i++) { for (let i = 1; i < lines.length; i++) {
const line = lines[i].replace('\r', ''); const line = lines[i].replaceAll('\r', '');
const colonIndex = line.indexOf(':'); const colonIndex = line.indexOf(':');
if (colonIndex > 0) { if (colonIndex > 0) {
const key = line.slice(0, colonIndex).toLowerCase(); const key = line.slice(0, colonIndex).toLowerCase();
@@ -1411,12 +1411,12 @@ class WebTVClientSimulator {
bodyBuf = Buffer.alloc(0); bodyBuf = Buffer.alloc(0);
} }
const lines = headerSection.split(/\r?\n/); const lines = headerSection.split(/\r?\n/);
const statusLine = lines[0].replace('\r', ''); const statusLine = lines[0].replaceAll('\r', '');
this.debugLog(`Content Status: ${statusLine}`); this.debugLog(`Content Status: ${statusLine}`);
// Parse headers // Parse headers
const headers = {}; const headers = {};
for (let i = 1; i < lines.length; i++) { for (let i = 1; i < lines.length; i++) {
const line = lines[i].replace('\r', ''); const line = lines[i].replaceAll('\r', '');
const colonIndex = line.indexOf(':'); const colonIndex = line.indexOf(':');
if (colonIndex > 0) { if (colonIndex > 0) {
const key = line.slice(0, colonIndex).toLowerCase(); const key = line.slice(0, colonIndex).toLowerCase();

2
zefie_wtvp_minisrv/includes/ServiceVault/wtv-setup/set-bg.js
View File

@@ -110,7 +110,7 @@ Choose the songs that you'd like to include.
let songTitle = musicList[k]['title']; let songTitle = musicList[k]['title'];
if (songTitle.length > strLenLimit) songTitle = musicList[k]['title'].slice(0, strLenLimit - 3) + "..."; if (songTitle.length > strLenLimit) songTitle = musicList[k]['title'].slice(0, strLenLimit - 3) + "...";
if (musicList.length > 14) data += '<font size="-2">'; if (musicList.length > 14) data += '<font size="-2">';
data += `<a href="${musicList[k]['url']}?wtv-title=${wtvshared.escape(musicList[k]['title'])}" onmouseout="clearTitle()" onmouseover="showTitle('${musicList[k]['title'].replace(/\'/g, "\\'")}')">${songTitle}</a> data += `<a href="${musicList[k]['url']}?wtv-title=${wtvshared.escape(musicList[k]['title'])}" onmouseout="clearTitle()" onmouseover="showTitle('${musicList[k]['title'].replaceAll(/\'/g, "\\'")}')">${songTitle}</a>
</td></tr></tbody></table>`; </td></tr></tbody></table>`;
if (musicList.length > 14) data += '</font>'; if (musicList.length > 14) data += '</font>';
songsListed++; songsListed++;

2
zefie_wtvp_minisrv/includes/classes/WTVMail.js
View File

@@ -242,7 +242,7 @@ class WTVMail {
else { else {
msg += line.replace(/\$\{(\w{1,})\}/g, function (x) { msg += line.replace(/\$\{(\w{1,})\}/g, function (x) {
let out = ''; let out = '';
const tag = x.replace("${", '').replace('}', ''); const tag = x.replaceAll("${", '').replaceAll('}', '');
if (available_tags[tag]) out = available_tags[tag]; if (available_tags[tag]) out = available_tags[tag];
return out return out
}) + "\n"; }) + "\n";

4
zefie_wtvp_minisrv/package-lock.json generated
View File

@@ -1,12 +1,12 @@
{ {
"name": "zefie_wtvp_minisrv", "name": "zefie_wtvp_minisrv",
"version": "0.9.72", "version": "0.9.73",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "zefie_wtvp_minisrv", "name": "zefie_wtvp_minisrv",
"version": "0.9.72", "version": "0.9.73",
"license": "GPL3", "license": "GPL3",
"dependencies": { "dependencies": {
"@serialport/parser-readline": "^13.0.0", "@serialport/parser-readline": "^13.0.0",