MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-12-07 08:12:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix multiple file upload bug #7473

Browse Source 
Signed-off-by: si458 <simonsmith5521@gmail.com>
This commit is contained in:
si458
2025-12-06 16:14:09 +00:00
parent 73e13d4c36
commit 585b9d5c1d
1 changed files with 10 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
webserver.js
View File

@@ -4499,15 +4499,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const nodeid = fields.attrib[0]; const nodeid = fields.attrib[0];
obj.GetNodeWithRights(domain, user, nodeid, function (node, rights, visible) { obj.GetNodeWithRights(domain, user, nodeid, function (node, rights, visible) {
if ((node == null) || (rights != 0xFFFFFFFF) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device if ((node == null) || (rights != 0xFFFFFFFF) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device
for (var i in files.files) { files.files.forEach(function (file) {
var file = files.files[i];
obj.fs.readFile(file.path, 'utf8', function (err, data) { obj.fs.readFile(file.path, 'utf8', function (err, data) {
if (err != null) return; if (err != null) return;
data = obj.common.IntToStr(0) + data; // Add the 4 bytes encoding type & flags (Set to 0 for raw) data = obj.common.IntToStr(0) + data; // Add the 4 bytes encoding type & flags (Set to 0 for raw)
obj.sendMeshAgentCore(user, domain, fields.attrib[0], 'custom', data); // Upload the core obj.sendMeshAgentCore(user, domain, fields.attrib[0], 'custom', data); // Upload the core
try { obj.fs.unlinkSync(file.path); } catch (e) { } try { obj.fs.unlinkSync(file.path); } catch (e) { }
}); });
} });
res.send(''); res.send('');
}); });
}); });
@@ -4542,14 +4541,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const nodeid = fields.attrib[0]; const nodeid = fields.attrib[0];
obj.GetNodeWithRights(domain, user, nodeid, function (node, rights, visible) { obj.GetNodeWithRights(domain, user, nodeid, function (node, rights, visible) {
if ((node == null) || (rights != 0xFFFFFFFF) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device if ((node == null) || (rights != 0xFFFFFFFF) || (visible == false)) { res.sendStatus(404); return; } // We don't have remote control rights to this device
for (var i in files.files) { files.files.forEach(function (file) {
var file = files.files[i];
// Event Intel AMT One Click Recovery, this will cause Intel AMT wake operations on this and other servers. // Event Intel AMT One Click Recovery, this will cause Intel AMT wake operations on this and other servers.
parent.DispatchEvent('*', obj, { action: 'oneclickrecovery', userid: user._id, username: user.name, nodeids: [node._id], domain: domain.id, nolog: 1, file: file.path }); parent.DispatchEvent('*', obj, { action: 'oneclickrecovery', userid: user._id, username: user.name, nodeids: [node._id], domain: domain.id, nolog: 1, file: file.path });
//try { obj.fs.unlinkSync(file.path); } catch (e) { } // TODO: Remove this file after 30 minutes. //try { obj.fs.unlinkSync(file.path); } catch (e) { } // TODO: Remove this file after 30 minutes.
} });
res.send(''); res.send('');
}); });
}); });
@@ -4617,8 +4614,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
} }
} else { } else {
// More typical upload method, the file data is in a multipart mime post. // More typical upload method, the file data is in a multipart mime post.
for (var i in files.files) { files.files.forEach(function (file) {
var file = files.files[i], fpath = obj.path.join(xfile.fullpath, file.originalFilename); var fpath = obj.path.join(xfile.fullpath, file.originalFilename);
if (obj.common.IsFilenameValid(file.originalFilename) && ((xfile.quota == null) || ((totalsize + file.size) < xfile.quota))) { // Check if quota would not be broken if we add this file if (obj.common.IsFilenameValid(file.originalFilename) && ((xfile.quota == null) || ((totalsize + file.size) < xfile.quota))) { // Check if quota would not be broken if we add this file
// See if we need to create the folder // See if we need to create the folder
@@ -4646,7 +4643,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
obj.parent.DispatchEvent([user._id], obj, { action: 'notify', title: "Disk quota exceed", value: file.originalFilename, nolog: 1, id: Math.random() }); obj.parent.DispatchEvent([user._id], obj, { action: 'notify', title: "Disk quota exceed", value: file.originalFilename, nolog: 1, id: Math.random() });
try { obj.fs.unlink(file.path, function (err) { }); } catch (e) { } try { obj.fs.unlink(file.path, function (err) { }); } catch (e) { }
} }
} });
} }
} else { } else {
// Send a notification // Send a notification
@@ -4698,8 +4695,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
try { obj.fs.mkdirSync(serverpath); } catch (ex) { } try { obj.fs.mkdirSync(serverpath); } catch (ex) { }
// More typical upload method, the file data is in a multipart mime post. // More typical upload method, the file data is in a multipart mime post.
for (var i in files.files) { files.files.forEach(function (file) {
var file = files.files[i], ftarget = getRandomPassword() + '-' + file.originalFilename, fpath = obj.path.join(serverpath, ftarget); var ftarget = getRandomPassword() + '-' + file.originalFilename, fpath = obj.path.join(serverpath, ftarget);
cmd.files.push({ name: file.originalFilename, target: ftarget }); cmd.files.push({ name: file.originalFilename, target: ftarget });
// Rename the file // Rename the file
obj.fs.rename(file.path, fpath, function (err) { obj.fs.rename(file.path, fpath, function (err) {
@@ -4708,7 +4705,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
obj.common.copyFile(file.path, fpath, function (err) { obj.fs.unlink(file.path, function (err) { }); }); obj.common.copyFile(file.path, fpath, function (err) { obj.fs.unlink(file.path, function (err) { }); });
} }
}); });
} });
// Instruct one of more agents to download a URL to a given local drive location. // Instruct one of more agents to download a URL to a given local drive location.
var tlsCertHash = null; var tlsCertHash = null;