scratch – Blame information for rev 7

Subversion Repositories:
Rev:
Rev Author Line No. Line
7 office 1 <?php
2  
3 ###########################################################################
4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
5 ###########################################################################
6  
7 require_once('includes/pseudocrypt.php');
8 require_once('includes/functions.php');
9 require_once('config.php');
10  
11 # Upload data can be POST'ed as raw form data or uploaded via <iframe> and
12 # <form> using regular multipart/form-data enctype (which is handled by
13 # PHP $_FILES).
14 if (!empty($_FILES['file']) and
15 is_uploaded_file($_FILES['file']['tmp_name'])) {
16 # Regular multipart/form-data upload.
17 $name = $_FILES['file']['name'];
18 $data = file_get_contents($_FILES['file']['tmp_name']);
19 } else {
20 # Raw POST data.
21 $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']);
22 $data = file_get_contents("php://input");
23 }
24  
25 ## Hash filename and check storage in the upload folder.
26 $fileExtension = pathinfo($name, PATHINFO_EXTENSION);
27 if ($fileExtension != '') {
28 $storePath = realpath($STORE_FOLDER);
29 $file = strtolower(
30 PseudoCrypt::hash(
31 preg_replace(
32 '/\D/',
33 '',
34 hash(
35 'sha512',
36 $name
37 )
38 )
39 ).
40 '.'.
41 $fileExtension
42 );
43 $userPath = join(
44 DIRECTORY_SEPARATOR,
45 array(
46 $STORE_FOLDER,
47 $file
48 )
49 );
50 $pathPart = pathinfo($userPath);
51 if (realpath($pathPart['dirname']) == $storePath) {
52 atomized_put_contents($userPath, $data);
53 $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file);
54 }
55 }
56  
57 # Return the URL to the file.
58 header('Content-Type: text/plain; charset=utf-8');
59 echo $output;