scratch – Blame information for rev 111

Subversion Repositories:

?pathlinks?

Rev 110 – Rev 112 – Go to most recent revision – Details – Compare with Previous – Last modification – View Log

Rev	Author	Line No.	Line
86	office	1	`<?php`
		2
		3	`###########################################################################`
		4	`## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##`
		5	`###########################################################################`
		6
		7	`require_once('php/pseudocrypt.php');`
		8	`require_once('php/functions.php');`
87	office	9	`require_once('vendor/autoload.php');`
110	office	10	`require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php');`
86	office	11
		12	`### Load configuration.`
		13	`$config = spyc_load_file('config.yaml');`
		14
		15	`### If no file has been specified for download then return.`
		16	`if (!isset($_GET['hash']) or empty($_GET['hash'])) {`
		17	`http_response_code(404);`
		18	`die('File not found.');`
		19	`}`
		20
		21	`### Find the requested file.`
		22	`$file = array_shift(`
		23	`preg_grep(`
		24	`"/".$_GET['hash']."/",`
		25	`scandir($config['STORE_FOLDER'])`
		26	`)`
		27	`);`
		28
		29	`if (!isset($file) or empty($file)) {`
		30	`http_response_code(404);`
		31	`die('File not found.');`
		32	`}`
		33
		34	`### Check the path for path traversals.`
		35	`$fileExtension = pathinfo($file, PATHINFO_EXTENSION);`
		36
		37	`#### If the extension is not allowed then return.`
		38	`if (!isset($fileExtension) \|\|`
		39	`!in_array(strtoupper($fileExtension),`
		40	`array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) {`
		41	`http_response_code(403);`
		42	`die('File extension not allowed.');`
		43	`}`
		44
		45	`#### Build the user path.`
		46	`$userPath = join(`
		47	`DIRECTORY_SEPARATOR,`
		48	`array(`
		49	`$config['STORE_FOLDER'],`
		50	`$file`
		51	`)`
		52	`);`
		53
		54	`#### Check for path traversals`
		55	`$pathPart = pathinfo($userPath);`
		56	`if (strcasecmp(`
		57	`realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) {`
		58	`http_response_code(500);`
		59	`die('Internal server error.');`
		60	`}`
		61
		62	`#### Check if the file exists.`
		63	`if (!file_exists($userPath)) {`
		64	`http_response_code(404);`
		65	`die('File not found.');`
		66	`}`
		67
108	office	68	`$GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash'];`
		69	`$CANON_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash'];`
110	office	70	`$BASIC_URL = $config['URL_PATH'].$_GET['hash'];`
86	office	71
90	office	72	`switch(strtoupper($fileExtension)) {`
		73	`case 'GIF':`
		74	`list($width, $height) = getimagesize($userPath);`
		75	`echo <<<END`
88	office	76	`<html>`
		77	`<head>`
		78	`<meta property="og:site_name" content="Scratch Copy">`
110	office	79	`<meta property="og:url" content="$BASIC_URL">`
88	office	80	`<meta property="og:title" content="Scratch Copy">`
		81	`<meta property="og:type" content="video.other">`
110	office	82	`<meta property="og:image" content="$BASIC_URL">`
88	office	83	`<meta property="og:image:width" content="$width">`
		84	`<meta property="og:image:height" content="$height">`
		85	`</head>`
86	office	86
88	office	87	`<body>`
		88	`<p>`
111	office	89	`<img src="$BASIC_URL">`
88	office	90	`</p>`
		91	`</body>`
86	office	92
88	office	93	`</html>`
		94	`END;`
107	office	95	`break;`
103	office	96	`case 'MP4':`
110	office	97	`### Create a thumbnail for the video.`
		98	`$file = strtolower(`
		99	`PseudoCrypt::hash(`
		100	`preg_replace(`
		101	`'/\D/',`
		102	`'',`
		103	`hash(`
		104	`'sha512',`
		105	`$_GET['hash']`
		106	`)`
		107	`),`
		108	`$config['ASSET_HASH_SIZE']`
		109	`)`
		110	`);`
		111
		112	`#### Build the user path.`
		113	`$userPath = join(`
		114	`DIRECTORY_SEPARATOR,`
		115	`array(`
		116	`$config['STORE_FOLDER'],`
		117	`$file`
		118	`)`
		119	`);`
		120
		121	`### Extract thumbnail.`
		122	`$ffmpeg = FFMpeg\FFMpeg::create();`
		123	`$video = $ffmpeg->open($CANON_URL);`
111	office	124	`$frame = $video->frame(`
		125	`FFMpeg\Coordinate\TimeCode::fromSeconds(`
		126	`$config['VIDEO_PREVIEW_IMAGE_FRAME_SECOND']`
		127	`)`
		128	`);`
110	office	129	`$frame->save($userPath.'.'.'jpg');`
111	office	130
		131	`$PREVIEW_IMAGE_URL = $config['URL_PATH'].$file;`
		132	`$FLOW_PLAYER_VIDEO_URL = $config['URL_PATH'].'flowplayer/flowplayer.swf?config={"clip":"'.$BASIC_URL.'"}';`
		133	`$FLOW_PLAYER = $config['URL_PATH'].'flowplayer/flowplayer.swf';`
		134
107	office	135	`echo <<<END`
103	office	136	`<html>`
		137	`<head>`
108	office	138	`<meta property="og:type" content="video.other">`
		139	`<meta property="og:title" content="Scratch Copy">`
103	office	140	`<meta property="og:site_name" content="Scratch Copy">`
108	office	141
104	office	142	`<meta property="og:url" content="$GRAPH_URL">`
108	office	143
111	office	144	`<meta property="og:image" content="$PREVIEW_IMAGE_URL">`
		145	`<meta property="og:video" content='$FLOW_PLAYER_VIDEO_URL'>`
		146	`<meta property="og:video:secure_url" content='$FLOW_PLAYER_VIDEO_URL'>`
103	office	147	`<meta property="og:video:type" content="application/x-shockwave-flash">`
108	office	148	`<meta property="og:video:width" content="425">`
		149	`<meta property="og:video:height" content="300">`
103	office	150	`</head>`
		151
		152	`<body>`
		153	`<p>`
111	office	154	`<object width="425" height="300" id="Scratch Copy" name="Scratch Copy" data="$FLOW_PLAYER" type="application/x-shockwave-flash"><param name="movie" value="$FLOW_PLAYER" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object>`
103	office	155	`</p>`
		156	`</body>`
		157
		158	`</html>`
		159	`END;`
107	office	160	`break;`
90	office	161	`}`
		162
		163
		164