direct-img/direct-img.link
1
0
Fork 0
mirror of https://github.com/direct-img/direct-img.link.git synced 2026-03-16 18:51:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feat: Reject queries with slashes, serve bad.webp

Browse Source
This commit is contained in:
multipleof4
2026-02-15 09:02:54 -08:00
parent 509a1d7269
commit e5b167d731
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
functions/[[path]].js
View File

@@ -4,7 +4,7 @@ export async function onRequest(context) {
const path = params.path?.join("/") || "";
// Serve static assets for root or standard files
if (!path || path === "index.html" || path === "favicon.ico" || path === "robots.txt" || path === "limit.webp") {
if (!path || path === "index.html" || path === "favicon.ico" || path === "robots.txt" || path === "limit.webp" || path === "bad.webp") {
return env.ASSETS.fetch(request);
}
@@ -13,6 +13,12 @@ export async function onRequest(context) {
return jsonResponse(400, { error: "Empty query" });
}
// Reject queries containing slashes (bot probes like wp-admin/setup-config.php)
if (query.includes("/")) {
const badReq = new Request(new URL("/bad.webp", url.origin));
return env.ASSETS.fetch(badReq);
}
// Max query length: 200 chars after normalization
if (query.length > 200) {
return jsonResponse(400, { error: "Query too long (max 200 characters)" });