modules: factor out checkUploadFile

2024-11-21 23:25:08 +00:00 · 2021-02-10 21:11:15 +01:00 · 2021-02-10 21:11:15 +01:00 · b1f6a0b230
commit b1f6a0b230
parent 785e769460
3 changed files with 38 additions and 53 deletions
--- a/bashbot.sh
+++ b/bashbot.sh
@ -30,7 +30,7 @@ BOTCOMMANDS="-h  help  init  start  stop  status  suspendback  resumeback  killb
 #     8 - curl/wget missing
 #     10 - not bash!
 #
-#### $$VERSION$$ v1.45-dev-15-gd3a1cec
+#### $$VERSION$$ v1.45-dev-24-g785e769
 ##################################################################

 # are we running in a terminal?
@ -509,6 +509,36 @@ sendJson(){
 	[ -n "${BASHBOT_EVENT_SEND[*]}" ] && event_send "send" "${@}" &
 }

+UPLOADDIR="${BASHBOT_UPLOAD:-${DATADIR}/upload}"
+
+# $1 chat $2 file, $3 calling function
+# return final file name or empty string on error
+checkUploadFile() {
+	local err file="$2"
+	[[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 	# no directory traversal
+	if [[ "${file}" = '/'* ]] ; then
+		[[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2	# absolute must match REGEX
+	else
+		file="${UPLOADDIR:-NOUPLOADDIR}/${file}"	# others must be in UPLOADDIR
+	fi
+	[ ! -r "${file}" ] && err=3	# and file must exits of course
+	# file path error, generate error response
+	if [ -n "${err}" ]; then
+	    BOTSENT=(); BOTSENT[OK]="false"
+	    case "${err}" in
+		1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
+		2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
+		3) if [[ "$2" == "/"* ]];then
+			BOTSENT[ERROR]="File not found: $2"
+		   else
+			BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
+		   fi;;
+	    esac
+	    [ -n "${BASHBOTDEBUG}" ] && log_debug "$3: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
+	    return 1
+	fi
+}
+

 #
 # curl / wget specific functions
--- a/modules/chatMember.sh
+++ b/modules/chatMember.sh
@ -5,7 +5,7 @@
 # This file is public domain in the USA and all free countries.
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
-#### $$VERSION$$ v1.45-dev-23-g805a74e
+#### $$VERSION$$ v1.45-dev-24-g785e769

 # will be automatically sourced from bashbot

@ -32,30 +32,8 @@ set_chat_description() {

 # $1 chat  $2 file
 set_chat_photo() {
-	local file=$2
-#XXX factor out to checkFileLocation ??
-	[[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 	# no directory traversal
-	if [[ "${file}" = '/'* ]] ; then
-		[[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2	# absolute must match REGEX
-	else
-		file="${UPLOADDIR:-NOUPLOADDIR}/${file}"	# others must be in UPLOADDIR
-	fi
-	[ ! -r "${file}" ] && err=3	# and file must exits of course
-	# file path error, generate error response
-	if [ -n "${err}" ]; then
-	    BOTSENT=(); BOTSENT[OK]="false"
-	    case "${err}" in
-		1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
-		2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
-		3) if [[ "$2" == "/"* ]];then
-			BOTSENT[ERROR]="File not found: $2"
-		   else
-			BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
-		   fi;;
-	    esac
-	    [ -n "${BASHBOTDEBUG}" ] && log_debug "set_chat_photo: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
-	    return
-	fi
+	local file; file="$(checkUploadFile "$1" "$2" "set_chat_photo")"
+	[ -z "${file}" ] && return 1
 	sendUpload "$1" "photo" "${file}" "${URL}/setChatPhoto" 
 }
 # $1 chat 
--- a/modules/sendMessage.sh
+++ b/modules/sendMessage.sh
@ -6,7 +6,7 @@
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
 # shellcheck disable=SC1117
-#### $$VERSION$$ v1.45-dev-23-g805a74e
+#### $$VERSION$$ v1.45-dev-24-g785e769

 # will be automatically sourced from bashbot

@ -262,12 +262,10 @@ else
  }
 fi

-UPLOADDIR="${BASHBOT_UPLOAD:-${DATADIR}/upload}"
-
 # supports local file, URL and file_id
 # $1 chat, $2 file https::// file_id:// , $3 caption, $4 extension (optional)
 send_file(){
-	local url what num stat err media capt file="$2" ext="$4"
+	local url what num stat media capt file="$2" ext="$4"
 	capt="$(JsonEscape "$3")"
 	if [[ "${file}" =~ ^https*:// ]]; then
 		media="URL"
@ -277,29 +275,8 @@ send_file(){
 	else
 		# we have a file, check file location ...
 		media="FILE"
-#XXX factor out to checkFileLocation ??
-		[[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 	# no directory traversal
-		if [[ "${file}" = '/'* ]] ; then
-			[[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2	# absolute must match REGEX
-		else
-			file="${UPLOADDIR:-NOUPLOADDIR}/${file}"	# others must be in UPLOADDIR
-		fi
-		[ ! -r "${file}" ] && err=3	# and file must exits of course
-		# file path error, generate error response
-		if [ -n "${err}" ]; then
-		    BOTSENT=(); BOTSENT[OK]="false"
-		    case "${err}" in
-			1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
-			2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
-			3) if [[ "$2" == "/"* ]];then
-				BOTSENT[ERROR]="File not found: $2"
-			   else
-				BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
-			   fi;;
-		    esac
-		    [ -n "${BASHBOTDEBUG}" ] && log_debug "upload_file: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
-		    return
-		fi
+		file="$(checkUploadFile "$1" "$2" "send_file")"
+		[ -z "${file}" ] && return 1
 		# file OK, let's continue
 	fi