fix RCE, thank you @Camas

2022-06-17 20:36:34 +02:00 · 2022-06-17 20:36:34 +02:00 · 30ed6daa26
parent 4bae98dab0
commit 30ed6daa26
1 changed files with 3 additions and 4 deletions
--- a/files/helpers/media.py
+++ b/files/helpers/media.py
@ -10,7 +10,7 @@ from .const import *


 def process_audio(file):
-	name = f'/audio/{time.time()}'.replace('.','') + '.' + file.filename.split('.')[-1].lower()
+	name = f'/audio/{time.time()}'.replace('.','') + '.mp3'
 	file.save(name)

 	if os.stat(name).st_size > 8 * 1024 * 1024:
@ -24,8 +24,7 @@ def process_audio(file):

 def process_video(file):
 	old = f'/videos/{time.time()}'.replace('.','')
-	extension = file.filename.split('.')[-1].lower()
-	new = old + '.' + extension
+	new = old + '.mp4'

 	if extension == 'webm':
 		file.save(new)
@ -71,4 +70,4 @@ def process_image(patron, filename=None, resize=0):
 			i = ImageOps.exif_transpose(i)
 			i.save(filename, format="WEBP", method=6)

-	return filename
+	return filename