Add HTTPS check for ffmpeg and custom embeds

This commit is contained in:
Calvin Montgomery 2017-01-05 20:58:07 -08:00
parent 5f4e9076df
commit e2abb90d14
6 changed files with 54 additions and 11 deletions

View file

@ -2,7 +2,7 @@
"author": "Calvin Montgomery",
"name": "CyTube",
"description": "Online media synchronizer and chat",
"version": "3.26.0",
"version": "3.27.0",
"repository": {
"url": "http://github.com/calzoneman/sync"
},
@ -53,10 +53,12 @@
"build-server": "babel -D --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/",
"postinstall": "./postinstall.sh",
"server-dev": "babel -D --watch --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/",
"generate-userscript": "$npm_node_execpath gdrive-userscript/generate-userscript $@ > www/js/cytube-google-drive.user.js"
"generate-userscript": "$npm_node_execpath gdrive-userscript/generate-userscript $@ > www/js/cytube-google-drive.user.js",
"test": "mocha"
},
"devDependencies": {
"coffee-script": "^1.9.2"
"coffee-script": "^1.9.2",
"mocha": "^3.2.0"
},
"babel": {
"presets": [

View file

@ -414,3 +414,26 @@ exports.get = function (key) {
return obj[current];
};
/**
* Sets a configuration value with the given key
*
* Accepts a dot-separated key for nested values, e.g. "http.port"
* Throws an error if a nonexistant key is requested
*/
exports.set = function (key, value) {
var obj = cfg;
var keylist = key.split(".");
var current = keylist.shift();
var path = current;
while (keylist.length > 0) {
if (!(current in obj)) {
throw new Error("Nonexistant config key '" + path + "." + current + "'");
}
obj = obj[current];
current = keylist.shift();
path += "." + current;
}
obj[current] = value;
};

View file

@ -44,6 +44,10 @@ function filterEmbed(tag) {
"is allowed for <embed> tags.");
}
if (!/^https:/.test(tag.attribs.src)) {
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
}
var meta = {
embed: {
tag: "object",
@ -67,6 +71,10 @@ function filterObject(tag) {
"is allowed for <object> tags.");
}
if (!/^https:/.test(tag.attribs.data)) {
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
}
var meta = {
embed: {
tag: "object",
@ -86,6 +94,10 @@ function filterObject(tag) {
}
function filterIframe(tag) {
if (!/^https:/.test(tag.attribs.src)) {
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
}
var meta = {
embed: {
tag: "iframe",

View file

@ -40,7 +40,7 @@ function initFFLog() {
}
function fixRedirectIfNeeded(urldata, redirect) {
if (!/^https?:/.test(redirect)) {
if (!/^https:/.test(redirect)) {
redirect = urldata.protocol + "//" + urldata.host + redirect;
}
@ -74,8 +74,8 @@ function translateStatusCode(statusCode) {
function testUrl(url, cb, redirCount) {
if (!redirCount) redirCount = 0;
var data = urlparse.parse(url);
if (!/https?:/.test(data.protocol)) {
return cb("Only links starting with 'http://' or 'https://' are supported " +
if (!/https:/.test(data.protocol)) {
return cb("Only links starting with 'https://' are supported " +
"for raw audio/video support");
}
@ -315,9 +315,9 @@ exports.query = function (filename, cb) {
return cb("Raw file playback is not enabled on this server");
}
if (!filename.match(/^https?:\/\//)) {
return cb("Raw file playback is only supported for links accessible via HTTP " +
"or HTTPS. Ensure that the link begins with 'http://' or 'https://'");
if (!filename.match(/^https:\/\//)) {
return cb("Raw file playback is only supported for links accessible via HTTPS. " +
"Ensure that the link begins with 'https://'.");
}
testUrl(filename, function (err) {

View file

@ -446,7 +446,7 @@ $("#mediaurl").keyup(function(ev) {
queue("end", "url");
} else {
var url = $("#mediaurl").val().split("?")[0];
if (url.match(/^https?:\/\/(.*)?\.(flv|mp4|og[gv]|webm|mp3|mov|m4a)$/) ||
if (url.match(/^https:\/\/(.*)?\.(flv|mp4|og[gv]|webm|mp3|mov|m4a)$/) ||
url.match(/^fi:/)) {
var title = $("#addfromurl-title");
if (title.length === 0) {

View file

@ -1426,7 +1426,13 @@ function parseMediaLink(url) {
/* Raw file */
var tmp = url.split("?")[0];
if (tmp.match(/^https?:\/\//)) {
if (tmp.match(/\.(mp4|flv|webm|og[gv]|mp3|mov|m4a)$/)) {
if (tmp.match(/^http:/)) {
Callbacks.queueFail({
link: url,
msg: "Raw files must begin with 'https'. Plain http is not supported."
});
throw new Error("ERROR_QUEUE_HTTP");
} else if (tmp.match(/\.(mp4|flv|webm|og[gv]|mp3|mov|m4a)$/)) {
return {
id: url,
type: "fi"