Merge branch 'main' of https://github.com/ChatGPTNextWeb/ChatGPT-Next…

…-Web into chatgpt-main
Kosette · Mar 23, 2024 · da9a4a9 · da9a4a9
2 parents 3c4a70e + ebbd870
commit da9a4a9
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@ One-Click to get a well-designed cross-platform ChatGPT web UI, with GPT3, GPT4
 [MacOS-image]: https://img.shields.io/badge/-MacOS-black?logo=apple
 [Linux-image]: https://img.shields.io/badge/-Linux-333?logo=ubuntu
 
-[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2FYidadaa%2FChatGPT-Next-Web&env=OPENAI_API_KEY&env=CODE&env=GOOGLE_API_KEY&project-name=chatgpt-next-web&repository-name=ChatGPT-Next-Web)
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/clone?repository-url=https%3A%2F%2Fgithub.com%2FChatGPTNextWeb%2FChatGPT-Next-Web&env=OPENAI_API_KEY&env=CODE&project-name=nextchat&repository-name=NextChat)
 
 [![Deploy on Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/ZBUEFA)
 

diff --git a/app/api/webdav/[...path]/route.ts b/app/api/webdav/[...path]/route.ts
@@ -12,17 +12,28 @@ async function handle(
 
   const requestUrl = new URL(req.url);
   let endpoint = requestUrl.searchParams.get("endpoint");
-  if (!endpoint?.endsWith("/")) {
-    endpoint += "/";
+
+  // Validate the endpoint to prevent potential SSRF attacks
+  if (!endpoint || !endpoint.startsWith("/")) {
+    return NextResponse.json(
+      {
+        error: true,
+        msg: "Invalid endpoint",
+      },
+      {
+        status: 400,
+      },
+    );
   }
   const endpointPath = params.path.join("/");
+  const targetPath = `${endpoint}/${endpointPath}`;
 
   // only allow MKCOL, GET, PUT
   if (req.method !== "MKCOL" && req.method !== "GET" && req.method !== "PUT") {
     return NextResponse.json(
       {
         error: true,
-        msg: "you are not allowed to request " + params.path.join("/"),
+        msg: "you are not allowed to request " + targetPath,
       },
       {
         status: 403,
@@ -32,13 +43,13 @@ async function handle(
 
   // for MKCOL request, only allow request ${folder}
   if (
-    req.method == "MKCOL" &&
-    !new URL(endpointPath).pathname.endsWith(folder)
+    req.method === "MKCOL" &&
+     !targetPath.endsWith(folder)
   ) {
     return NextResponse.json(
       {
         error: true,
-        msg: "you are not allowed to request " + params.path.join("/"),
+        msg: "you are not allowed to request " + targetPath,
       },
       {
         status: 403,
@@ -48,13 +59,13 @@ async function handle(
 
   // for GET request, only allow request ending with fileName
   if (
-    req.method == "GET" &&
-    !new URL(endpointPath).pathname.endsWith(fileName)
+    req.method === "GET" &&
+     !targetPath.endsWith(fileName)
   ) {
     return NextResponse.json(
       {
         error: true,
-        msg: "you are not allowed to request " + params.path.join("/"),
+        msg: "you are not allowed to request " + targetPath,
       },
       {
         status: 403,
@@ -64,21 +75,21 @@ async function handle(
 
   //   for PUT request, only allow request ending with fileName
   if (
-    req.method == "PUT" &&
-    !new URL(endpointPath).pathname.endsWith(fileName)
+    req.method === "PUT" &&
+     !targetPath.endsWith(fileName)
   ) {
     return NextResponse.json(
       {
         error: true,
-        msg: "you are not allowed to request " + params.path.join("/"),
+        msg: "you are not allowed to request " + targetPath,
       },
       {
         status: 403,
       },
     );
   }
 
-  const targetUrl = `${endpoint + endpointPath}`;
+  const targetUrl = `${endpoint}/${endpointPath}`;
 
   const method = req.method;
   const shouldNotHaveBody = ["get", "head"].includes(

diff --git a/app/components/chat.tsx b/app/components/chat.tsx
@@ -219,6 +219,8 @@ function useSubmitHandler() {
   }, []);
 
   const shouldSubmit = (e: React.KeyboardEvent<HTMLTextAreaElement>) => {
+    // Fix Chinese input method "Enter" on Safari
+    if (e.keyCode == 229) return false;
     if (e.key !== "Enter") return false;
     if (e.key === "Enter" && (e.nativeEvent.isComposing || isComposing.current))
       return false;

diff --git a/app/utils.ts b/app/utils.ts
@@ -292,9 +292,11 @@ export function getMessageImages(message: RequestMessage): string[] {
 }
 
 export function isVisionModel(model: string) {
-  return (
-    // model.startsWith("gpt-4-vision") ||
-    // model.startsWith("gemini-pro-vision") ||
-    model.includes("vision")
-  );
+  // Note: This is a better way using the TypeScript feature instead of `&&` or `||` (ts v5.5.0-dev.20240314 I've been using)
+  const visionKeywords = [
+    "vision",
+    "claude-3",
+  ];
+
+  return visionKeywords.some(keyword => model.includes(keyword));
 }