external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Fixed content disposition crashes.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2020-10-23 13:49:38 -07:00
parent 05ebe75074
commit 27193af0c5
2 changed files with 58 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

30
meshdevicefile.js
View file

@ -203,20 +203,7 @@ module.exports.CreateMeshDeviceFile = function (parent, ws, res, req, domain, us
try { cmd = JSON.parse(data); } catch (ex) { }
if ((cmd == null) || (typeof cmd.op == 'string')) {
if (cmd.op == 'ok') {
var filename = require('path').basename(this.file).split('\\').join('').split('/').join('').split(':').join('').split('*').join('').split('?').join('').split('"').join('').split('<').join('').split('>').join('').split('|').join('').split(' ').join('').split('\'').join('');
if (typeof cmd.size == 'number') {
try {
this.res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="' + filename + '"', 'Content-Length': cmd.size });
} catch (ex) {
this.res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="file.bin"', 'Content-Length': cmd.size });
}
} else {
try {
this.res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="' + filename + '"' });
} catch (ex) {
this.res.set({ 'Cache-Control': 'no-store', 'Content-Type': 'application/octet-stream', 'Content-Disposition': 'attachment; filename="file.bin"'});
}
}
setContentDispositionHeader(this.res, 'application/octet-stream', filename, cmd.size, 'file.bin');
} else {
try { this.res.sendStatus(401); } catch (ex) { }
}
@ -288,6 +275,21 @@ module.exports.CreateMeshDeviceFile = function (parent, ws, res, req, domain, us
if (obj.sendAgentMessage(command, user, domain.id) == false) { delete obj.id; parent.parent.debug('relay', 'FileRelay: Unable to contact this agent (' + obj.req.clientIp + ')'); }
}
// Set the content disposition header for a HTTP response.
// Because the filename can't have any special characters in it, we need to be extra careful.
function setContentDispositionHeader(res, type, name, size, altname) {
var name = require('path').basename(name).split('\\').join('').split('/').join('').split(':').join('').split('*').join('').split('?').join('').split('"').join('').split('<').join('').split('>').join('').split('|').join('').split(' ').join('').split('\'').join('');
try {
var x = { 'Cache-Control': 'no-store', 'Content-Type': type, 'Content-Disposition': 'attachment; filename="' + name + '"' };
if (typeof size == 'number') { x['Content-Length'] = size; }
res.set(x);
} catch (ex) {
var x = { 'Cache-Control': 'no-store', 'Content-Type': type, 'Content-Disposition': 'attachment; filename="' + altname + '"' };
if (typeof size == 'number') { x['Content-Length'] = size; }
res.set(x);
}
}
// If this is not an authenticated session, or the session does not have routing instructions, just go ahead an connect to existing session.
performRelay();
return obj;