From 343eeaa39f29df311b5c4cdc14f83cedbe2c21ca Mon Sep 17 00:00:00 2001
From: Anton Khirnov
Date: Sun, 26 Jun 2022 12:03:19 +0200
Subject: Drop the ability to store remote URLs.

I do not use it and it adds complexity, with potential for security issues.
---
 fhost.py | 33 ---------------------------------
 requirements.txt | 2 --
 2 files changed, 35 deletions(-)

diff --git a/fhost.py b/fhost.py
index f12b63f..9910773 100755
--- a/fhost.py
+++ b/fhost.py
@@ -23,7 +23,6 @@ from flask import Flask, abort, escape, make_response, redirect, request, send_f
 from flask_sqlalchemy import SQLAlchemy
 from flask_script import Manager
 from hashlib import sha256
-from humanize import naturalsize
 from magic import Magic
 from mimetypes import guess_extension
 import os, sys
@@ -229,36 +228,6 @@ def store_file(f, addr):
 return sf.geturl()
-def store_url(url, addr):
- if is_fhost_url(url):
- return segfault(508)
-
- h = { "Accept-Encoding" : "identity" }
- r = requests.get(url, stream=True, verify=False, headers=h)
-
- try:
- r.raise_for_status()
- except requests.exceptions.HTTPError as e:
- return str(e) + "\n"
-
- if "content-length" in r.headers:
- l = int(r.headers["content-length"])
-
- if l < app.config["MAX_CONTENT_LENGTH"]:
- def urlfile(**kwargs):
- return type('',(),kwargs)()
-
- f = urlfile(stream=r.raw, content_type=r.headers["content-type"], filename="")
-
- return store_file(f, addr)
- else:
- hl = naturalsize(l, binary = True)
- hml = naturalsize(app.config["MAX_CONTENT_LENGTH"], binary=True)
-
- return "Remote file too large ({0} > {1}).\n".format(hl, hml), 413
- else:
- return "Could not determine remote file size (no Content-Length in response header; shoot admin).\n", 411
-
 @app.route("/")
 def get(path):
 p = os.path.splitext(path)
@@ -322,8 +291,6 @@ def fhost():
 if "file" in request.files:
 return store_file(request.files["file"], request.remote_addr)
- elif "url" in request.form:
- return store_url(request.form["url"], request.remote_addr)
 abort(400)
 else:
diff --git a/requirements.txt b/requirements.txt
index f22a8c5..b5c2720 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,9 +4,7 @@ SQLAlchemy
 tqdm
 Flask_SQLAlchemy
 Flask
-humanize
 requests
-flask_migrate
 flask_script
 python_magic
 short_url
--
cgit v1.2.3