security: fix path traversal vulnerability in conversion API (#532)

This commit is contained in:
Fluxmux
2026-04-27 21:43:47 +02:00
committed by GitHub
parent 1ba82cf1b2
commit 0965928949
2 changed files with 16 additions and 6 deletions


@@ -164,13 +164,18 @@ export async function handleConvert(
const toProcess: Promise<string>[] = [];
for (const fileName of chunk) {
const filePath = `${userUploadsDir}${fileName}`;
const fileTypeOrig = fileName.split(".").pop() ?? "";
const fileTypeOrig = fileName.includes(".") ? (fileName.split(".").pop() ?? "") : "";
const fileType = normalizeFiletype(fileTypeOrig);
const newFileExt = normalizeOutputFiletype(convertTo);
const newFileName = fileName.replace(
new RegExp(`${fileTypeOrig}(?!.*${fileTypeOrig})`),
newFileExt,
);
let newFileName: string;
if (fileTypeOrig === "") {
newFileName = `${fileName}.${newFileExt}`;
} else {
newFileName = fileName.replace(
new RegExp(`${fileTypeOrig}(?!.*${fileTypeOrig})`),
newFileExt,
);
}
const targetPath = `${userOutputDir}${newFileName}`;
toProcess.push(
new Promise((resolve, reject) => {
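Review bot: `fileName` is still concatenated straight into `${userUploadsDir}${fileName}` and, via `newFileName`, into `${userOutputDir}${newFileName}` with no separator or `..` check, so the traversal guard this commit adds for `convert_to` in the route does not cover the file name itself if `chunk` can carry user-controlled names (where `chunk` is built is not visible here — confirm). The minimal hardening is to strip any directory component once at the top of the loop, `const safeName = path.basename(fileName);`, and derive `filePath`, `fileTypeOrig` and `newFileName` from `safeName` (assuming `node:path` is available to this module), or to reject names containing `/`, `\` or `..` the same way the route now does. Separately, `new RegExp(`${fileTypeOrig}(?!.*${fileTypeOrig})`)` is built from the unescaped extension, so an extension containing regex metacharacters such as `(`, `[` or `+` either throws a SyntaxError or rewrites the wrong part of the name; guarding with `if (!/^[A-Za-z0-9]*$/.test(fileTypeOrig)) { /* reject or fall back to appending */ }` before the `replace` closes that. handleConvert begins and ends outside this hunk, so any rejection path must fit the error handling it already uses.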


@@ -47,7 +47,12 @@ export const convert = new Elysia().use(userService).post(
const convertTo = normalizeFiletype(body.convert_to.split(",")[0] ?? "");
const converterName = body.convert_to.split(",")[1];
if (!converterName) {
if (
!converterName ||
convertTo.includes("/") ||
convertTo.includes("\\") ||
convertTo.includes("..")
) {
return redirect(`${WEBROOT}/`, 302);
}