WebHost: Detect confusion of settings zip and seed zip (#1227)

This commit is contained in:
recklesscoder 2022-12-06 00:40:51 +01:00 committed by GitHub
parent ffc000ec91
commit 0e4fa378dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 7 deletions

View File

@ -2,7 +2,7 @@ import json
import pickle
from uuid import UUID
from flask import request, session, url_for
from flask import request, session, url_for, Markup
from pony.orm import commit
from WebHostLib import app
@ -21,7 +21,9 @@ def generate_api():
if 'file' in request.files:
file = request.files['file']
options = get_yaml_data(file)
if type(options) == str:
if isinstance(options, Markup):
return {"text": options.striptags()}, 400
if isinstance(options, str):
return {"text": options}, 400
if "race" in request.form:
race = bool(0 if request.form["race"] in {"false"} else int(request.form["race"]))

View File

@ -1,7 +1,7 @@
import zipfile
from typing import *
from flask import request, flash, redirect, url_for, render_template
from flask import request, flash, redirect, url_for, render_template, Markup
from WebHostLib import app
@ -25,7 +25,7 @@ def check():
else:
file = request.files['file']
options = get_yaml_data(file)
if type(options) == str:
if isinstance(options, str):
flash(options)
else:
results, _ = roll_options(options)
@ -38,7 +38,7 @@ def mysterycheck():
return redirect(url_for("check"), 301)
def get_yaml_data(file) -> Union[Dict[str, str], str]:
def get_yaml_data(file) -> Union[Dict[str, str], str, Markup]:
options = {}
# if user does not select file, browser also
# submit an empty part without filename
@ -50,6 +50,10 @@ def get_yaml_data(file) -> Union[Dict[str, str], str]:
with zipfile.ZipFile(file, 'r') as zfile:
infolist = zfile.infolist()
if any(file.filename.endswith(".archipelago") for file in infolist):
return Markup("Error: Your .zip file contains an .archipelago file. "
'Did you mean to <a href="/uploads">host a game</a>?')
for file in infolist:
if file.filename.endswith(banned_zip_contents):
return "Uploaded data contained a rom file, which is likely to contain copyrighted material. Your file was deleted."

View File

@ -52,7 +52,7 @@ def generate(race=False):
else:
file = request.files['file']
options = get_yaml_data(file)
if type(options) == str:
if isinstance(options, str):
flash(options)
else:
meta = get_meta(request.form)

View File

@ -105,6 +105,9 @@ h5, h6{
margin-bottom: 20px;
background-color: #ffff00;
}
.user-message a{
color: #ff7700;
}
.interactive{
color: #ffef00;

View File

@ -5,7 +5,7 @@ import uuid
import zipfile
from io import BytesIO
from flask import request, flash, redirect, url_for, session, render_template
from flask import request, flash, redirect, url_for, session, render_template, Markup
from pony.orm import flush, select
import MultiServer
@ -22,6 +22,10 @@ def upload_zip_to_db(zfile: zipfile.ZipFile, owner=None, meta={"race": False}, s
if not owner:
owner = session["_id"]
infolist = zfile.infolist()
if all(file.filename.endswith((".yaml", ".yml")) or file.is_dir() for file in infolist):
flash(Markup("Error: Your .zip file only contains .yaml files. "
'Did you mean to <a href="/generate">generate a game</a>?'))
return
slots: typing.Set[Slot] = set()
spoiler = ""
files = {}