diff options
| author | anon | 2025-07-05 23:39:24 +0200 |
|---|---|---|
| committer | anon | 2025-07-05 23:39:24 +0200 |
| commit | be96ef3c69aa497dd0a663de6cc3318fa7d77893 (patch) | |
| tree | f49d9901f2a3603f1117946d3a85bd6e1e976fa7 | |
| parent | 82684d6d1ca7e744af74ad8da3b9ea2708d1c468 (diff) | |
| download | emil-up.chud.cyou-be96ef3c69aa497dd0a663de6cc3318fa7d77893.tar.xz emil-up.chud.cyou-be96ef3c69aa497dd0a663de6cc3318fa7d77893.tar.zst | |
fix bug, implement overwritting, bump todo
| -rw-r--r-- | TODO.md | 4 | ||||
| -rwxr-xr-x | upchud.tcl | 12 |
2 files changed, 13 insertions, 3 deletions
@@ -1,2 +1,4 @@ -* configurable force overwritting * include some tmp file cleaner scripts or atleast leave recommendations +* by spoofing the request, it might be currently possible to upload files +to a parent dictionary; this should be tested and fixed, but should be fine +as long as the person running the service doesnt run it as root @@ -15,6 +15,8 @@ set mangle_char_set {0123456789abcdefghijklmnopqrstuvwxyz} # $::mangle_lenght and $::mangle_char_set are small, you could end up with a dead lock. # This value is the fail-safe. set max_save_attempts 20 +# Alternative to $::max_save_attempts. When on, collisons clobber. +set overwrite_uploads 0 # The output of this function is (ideally) what the user will see. # I have provided a few default behaviours, but you do you champ. proc send_success {upload_name} { @@ -107,13 +109,19 @@ proc get_out_name {orig_name} { return $name } - if { $::mangle_lenght == 0 } { return $orig_name } + if { $::mangle_lenght == 0 } { + if { $::overwrite_uploads || ![file exists $out_name] } { + return "$::outdir/$orig_name" + } else { + raise_fatal + } + } set extension [file extension $orig_name] for { set tries 1 } { $tries <= $::max_save_attempts } { incr tries } { set out_name "$::outdir/[get_random_name]$extension" - if { ![file exists $out_name] } { break } + if { $::overwrite_uploads || ![file exists $out_name] } { break } } return $out_name |
