Security: Implement recursion depth limits and field allowlists for Advanced Search; add reference SQL exports.

2026-01-02 19:38:37 -05:00
parent 5a4c82e4cb
commit 09ec231303
5 changed files with 211 additions and 9 deletions
--- a/documentation/aether_dev__hosted_file__2026-01-03_00_03_33.sql
+++ b/documentation/aether_dev__hosted_file__2026-01-03_00_03_33.sql
@@ -0,0 +1,121 @@
+-- phpMyAdmin SQL Dump
+-- version 5.2.3
+-- https://www.phpmyadmin.net/
+--
+-- Host: localhost
+-- Generation Time: Jan 03, 2026 at 12:03 AM
+-- Server version: 12.1.2-MariaDB-log
+-- PHP Version: 8.4.15
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `aether_dev`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `hosted_file`
+--
+
+CREATE TABLE `hosted_file` (
+  `id` int(11) NOT NULL,
+  `id_random` varchar(22) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL,
+  `hash_sha256` varchar(64) DEFAULT NULL,
+  `account_id` varchar(22) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL,
+  `title` varchar(500) DEFAULT NULL,
+  `description` text DEFAULT NULL,
+  `version` int(11) DEFAULT NULL,
+  `directory_path` varchar(1000) DEFAULT NULL,
+  `subdirectory_path` varchar(1000) DEFAULT NULL COMMENT 'new as of 2021-08-26',
+  `filename` varchar(255) DEFAULT NULL,
+  `extension` varchar(10) DEFAULT NULL,
+  `content_type` varchar(100) DEFAULT NULL,
+  `mimetype` varchar(100) DEFAULT NULL,
+  `size` int(11) UNSIGNED DEFAULT NULL COMMENT 'bytes',
+  `cloud_storage` text DEFAULT NULL,
+  `owner_user_id` int(11) DEFAULT NULL,
+  `group_user_id` int(11) DEFAULT NULL,
+  `package_name` varchar(500) DEFAULT NULL,
+  `hide` tinyint(1) DEFAULT 0,
+  `priority` tinyint(1) DEFAULT NULL,
+  `sort` int(11) DEFAULT NULL,
+  `group` varchar(100) DEFAULT NULL,
+  `enable` tinyint(1) DEFAULT 1,
+  `notes` text DEFAULT NULL,
+  `created_on` timestamp NOT NULL DEFAULT current_timestamp(),
+  `updated_on` timestamp NULL DEFAULT NULL ON UPDATE current_timestamp()
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+--
+-- Triggers `hosted_file`
+--
+DELIMITER $$
+CREATE TRIGGER `before_insert_hosted_file` BEFORE INSERT ON `hosted_file` FOR EACH ROW BEGIN
+    BEGIN
+        IF (NEW.id_random IS NULL OR NEW.id_random = '' OR LENGTH(NEW.id_random) < 6)
+        THEN
+            /* SET NEW.id_random = gen_rand_pattern('3C-2N-2N-2N'); */
+            /* SET NEW.id_random = gen_rand_pattern('4C-2N-2N-2N'); */
+            SET NEW.id_random = gen_rand_str(11, 'URL');
+        END IF;
+    END;
+END
+$$
+DELIMITER ;
+DELIMITER $$
+CREATE TRIGGER `before_update_hosted_file` BEFORE UPDATE ON `hosted_file` FOR EACH ROW BEGIN
+    BEGIN
+        IF (NEW.id_random IS NULL OR NEW.id_random = '' OR LENGTH(NEW.id_random) < 6)
+        THEN
+            /* SET NEW.id_random = gen_rand_pattern('3C-2N-2N-2N'); */
+            /* SET NEW.id_random = gen_rand_pattern('4C-2N-2N-2N'); */
+            SET NEW.id_random = gen_rand_str(11, 'URL');
+        END IF;
+    END;
+END
+$$
+DELIMITER ;
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `hosted_file`
+--
+ALTER TABLE `hosted_file`
+  ADD PRIMARY KEY (`id`),
+  ADD UNIQUE KEY `id_random` (`id_random`),
+  ADD UNIQUE KEY `hash_sha256` (`hash_sha256`),
+  ADD KEY `account_id` (`account_id`),
+  ADD KEY `created_on` (`created_on`),
+  ADD KEY `updated_on` (`updated_on`),
+  ADD KEY `filename` (`filename`),
+  ADD KEY `extension` (`extension`),
+  ADD KEY `hide` (`hide`),
+  ADD KEY `enable` (`enable`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `hosted_file`
+--
+ALTER TABLE `hosted_file`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
--- a/documentation/aether_dev__hosted_file_link__2026-01-03_00_03_53.sql
+++ b/documentation/aether_dev__hosted_file_link__2026-01-03_00_03_53.sql
@@ -0,0 +1,52 @@
+-- phpMyAdmin SQL Dump
+-- version 5.2.3
+-- https://www.phpmyadmin.net/
+--
+-- Host: localhost
+-- Generation Time: Jan 03, 2026 at 12:03 AM
+-- Server version: 12.1.2-MariaDB-log
+-- PHP Version: 8.4.15
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `aether_dev`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `hosted_file_link`
+--
+
+CREATE TABLE `hosted_file_link` (
+  `account_id` int(11) DEFAULT NULL COMMENT 'is this needed?',
+  `hosted_file_id` int(11) NOT NULL,
+  `link_to_type` varchar(50) NOT NULL COMMENT 'change to for_object_type',
+  `link_to_id` int(11) NOT NULL COMMENT 'change to for_object_id',
+  `created_on` timestamp NOT NULL DEFAULT current_timestamp(),
+  `updated_on` timestamp NULL DEFAULT NULL ON UPDATE current_timestamp()
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='All hosted files that are actively linked or in use';
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `hosted_file_link`
+--
+ALTER TABLE `hosted_file_link`
+  ADD PRIMARY KEY (`hosted_file_id`,`link_to_type`,`link_to_id`) USING BTREE;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;