diff --git a/SECURITY.md b/SECURITY.md
index e2e25e32..9e80bb3c 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -25,9 +25,10 @@ Thanks in advance for your support to make our products safer!
 We would like to extend our gratitude to the following individuals for their responsible disclosure of security vulnerabilities:
-| Name | Contact |
-| ----------------- | ---------------------- |
-| `Hendrik Siewert` | hendrik.siewert@upb.de |
-| `Caio Fook` | caio.fook@gmail.com |
+| Name | Contact |
+| ----------------- | ------------------------- |
+| `Hendrik Siewert` | hendrik.siewert@upb.de |
+| `Caio Fook` | caio.fook@gmail.com |
+| `Nishant Jain` | jain.nishant777@gmail.com |
 Their dedication to security has contributed to the continuous improvement of our systems, ensuring the safety and privacy of our users and data.
diff --git a/app/src/Server.js b/app/src/Server.js
index 1bac3eb8..4fd6d2d8 100644
--- a/app/src/Server.js
+++ b/app/src/Server.js
@@ -44,7 +44,7 @@ dependencies: {
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.37
+ * @version 1.5.38
 *
 */
@@ -658,6 +658,10 @@ function startServer() {
 return res.status(400).send('Filename not provided');
 }
+ if (!isValidVideo(fileName)) {
+ return res.status(400).send('Invalid file name');
+ }
+
 try {
 if (!fs.existsSync(dir.rec)) {
 fs.mkdirSync(dir.rec, { recursive: true });
@@ -2945,4 +2949,11 @@ function startServer() {
 }
 }
 }
+
+ // Utils...
+
+ function isValidVideo(input) {
+ if (input.endsWith('.mp4') || input.endsWith('.webm') || input.endsWith('.ogg')) return true;
+ return false;
+ }
 }
diff --git a/cloud/server.js b/cloud/server.js
index b6cd1848..f8d8cfda 100644
--- a/cloud/server.js
+++ b/cloud/server.js
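Review bot: The `isValidVideo(fileName)` guard added in the `startServer` hunk at line 658 checks only the file suffix, so a `fileName` that contains path separators or `..` segments still passes and reaches the `fs` calls that follow (the hunk ends before the recording path is assembled, so that part is inferred from the surrounding code). Restricting the name to a single path component closes that gap: use `if (path.basename(fileName) !== fileName || !isValidVideo(fileName)) {` as the condition, keeping the existing `return res.status(400).send('Invalid file name');` body, assuming `path` is required in Server.js as it is in cloud/server.js. The identical guard is added in cloud/server.js `/recSync`, where `path.join(recordingDirectory, fileName)` is visible two lines later, and needs the same treatment. As a point of style, `isValidVideo` in both files reads more directly as `return ['.mp4', '.webm', '.ogg'].some((ext) => input.endsWith(ext));`.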
@@ -48,6 +48,10 @@ app.post('/recSync', (req, res) => {
 return res.status(400).send('Filename not provided');
 }
+ if (!isValidVideo(fileName)) {
+ return res.status(400).send('Invalid file name');
+ }
+
 ensureRecordingDirectoryExists();
 const filePath = path.join(recordingDirectory, fileName);
@@ -75,3 +79,8 @@ app.post('/recSync', (req, res) => {
 app.listen(port, () => {
 log.debug(`Server is running on http://localhost:${port}`);
 });
+
+function isValidVideo(input) {
+ if (input.endsWith('.mp4') || input.endsWith('.webm') || input.endsWith('.ogg')) return true;
+ return false;
+}
diff --git a/package.json b/package.json
index 249c2f79..b814f2e0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mirotalksfu",
- "version": "1.5.37",
+ "version": "1.5.38",
 "description": "WebRTC SFU browser-based video calls",
 "main": "Server.js",
 "scripts": {
diff --git a/public/js/Room.js b/public/js/Room.js
index 57c1a891..5ebf1a81 100644
--- a/public/js/Room.js
+++ b/public/js/Room.js
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.37
+ * @version 1.5.38
 *
 */
@@ -4335,7 +4335,7 @@ function showAbout() {
 imageUrl: image.about,
 customClass: { image: 'img-about' },
 position: 'center',
- title: 'WebRTC SFU v1.5.37',
+ title: 'WebRTC SFU v1.5.38',
 html: `
diff --git a/public/js/RoomClient.js b/public/js/RoomClient.js
index e2fd214a..89e22553 100644
--- a/public/js/RoomClient.js
+++ b/public/js/RoomClient.js
@@ -9,7 +9,7 @@
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.37
+ * @version 1.5.38
 *
 */