From f90caa452953aa14b05305dadcf254d289d73386 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Wed, 11 May 2022 00:22:05 +0200 Subject: [PATCH] use acls for attachemnt permissions, proper forking of background conversions --- attachment.sh | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/attachment.sh b/attachment.sh index 89b90ae..43e70c5 100755 --- a/attachment.sh +++ b/attachment.sh @@ -39,7 +39,8 @@ attachment_convert(){ res=$(ffprobe -show_entries stream=width "$attpath" 2>&-) res="${res#*width=}" res="${res%%${BR}*}" if [ "$res" -gt 1280 ]; then - ( ffmpeg -y -nostdin -i "$attpath" \ + ( exec >&- 2>&1; + ffmpeg -y -nostdin -i "$attpath" \ -c:v libvpx -vf scale=1280:-2 -crf 28 -b:v 0 \ -c:a libvorbis -q:a 6 \ "${cachepath%.*}.tmp.webm" \ @@ -47,7 +48,8 @@ attachment_convert(){ & ) & else - ( ffmpeg -y -nostdin -i "$attpath" \ + ( exec >&- 2>&1; + ffmpeg -y -nostdin -i "$attpath" \ -c:v libvpx -crf 28 -b:v 0 \ -c:a libvorbis -q:a 6 \ "${cachepath%.*}.tmp.webm" \ @@ -62,7 +64,9 @@ attachment_convert(){ if [ "${PATH_INFO%/\[attachment\]/}" != "${PATH_INFO}" ]; then . "$_EXEC/multipart.sh" - if multipart_cache; then + + if [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ] && acl_write "${PATH_INFO%\[attachment\]/}"; then + multipart_cache mkdir -p "$_DATA/pages/${PATH_INFO%/\[attachment\]/}/#attachments/" n=1; while filename=$(multipart_filename "file" "$n"); do filename="$(printf %s "$filename" |tr /\\0 __)" @@ -71,13 +75,20 @@ if [ "${PATH_INFO%/\[attachment\]/}" != "${PATH_INFO}" ]; then done rm -- "$multipart_cachefile" REDIRECT "${_BASE}${PATH_INFO}" - else + elif [ "${CONTENT_TYPE%%;*}" = "multipart/form-data" ]; then + theme_403 + elif acl_read "${PATH_INFO%\[attachment\]/}"; then theme_attachments "${PATH_INFO%\[attachment\]/}" + else + theme_404 fi elif [ "${PATH_INFO%/\[attachment\]/*}" != "${PATH_INFO}" ]; then attpath="${PATH_INFO%/\[attachment\]/*}/#attachments/${PATH_INFO##*/}" - if [ -f "$_DATA/pages/$attpath" ]; then + + if ! acl_read "${PATH_INFO%/\[attachment\]/*}"; then + theme_403 + elif [ -f "$_DATA/pages/$attpath" ]; then FILE "$_DATA/pages/$attpath" elif [ -f "$_EXEC/pages/$attpath" ]; then FILE "$_EXEC/pages/$attpath" @@ -88,12 +99,17 @@ elif [ "${PATH_INFO%/\[attachment\]/*}" != "${PATH_INFO}" ]; then elif [ "${PATH_INFO%/}" = "${PATH_INFO}" ]; then attpath="${PATH_INFO%/*}/#attachments/${PATH_INFO##*/}" - if [ -f "$_DATA/pages/$attpath" ]; then + + if ! acl_read "${PATH_INFO%/*}/"; then + theme_403 + elif [ -f "$_DATA/pages/$attpath" ]; then FILE "$(attachment_convert "$_DATA/pages/$attpath")" elif [ -f "$_EXEC/pages/$attpath" ]; then FILE "$(attachment_convert "$_EXEC/pages/$attpath")" elif [ -d "$_DATA/pages/${PATH_INFO}" -o -d "$_EXEC/pages/${PATH_INFO}" ]; then REDIRECT "${_BASE}${PATH_INFO}/" + else + theme_404 fi exit 0 -- 2.39.2