[mirotalksfu] - Add missing fileName validation

2024-08-05 07:49:43 +02:00
--- a/app/src/Server.js
+++ b/app/src/Server.js
@@ -44,7 +44,7 @@ dependencies: {
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.37
+ * @version 1.5.38
 *
 */

@@ -658,6 +658,10 @@ function startServer() {
                return res.status(400).send('Filename not provided');
            }

+            if (!isValidVideo(fileName)) {
+                return res.status(400).send('Invalid file name');
+            }
+
            try {
                if (!fs.existsSync(dir.rec)) {
                    fs.mkdirSync(dir.rec, { recursive: true });
@@ -2945,4 +2949,11 @@ function startServer() {
            }
        }
    }
+
+    // Utils...
+
+    function isValidVideo(input) {
+        if (input.endsWith('.mp4') || input.endsWith('.webm') || input.endsWith('.ogg')) return true;
+        return false;
+    }
 }