scratch – Blame information for rev 88
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 86 | office | 1 | <?php |
| 2 | |||
| 3 | ########################################################################### |
||
| 4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
||
| 5 | ########################################################################### |
||
| 6 | |||
| 7 | require_once('php/pseudocrypt.php'); |
||
| 8 | require_once('php/functions.php'); |
||
| 87 | office | 9 | require_once('vendor/autoload.php'); |
| 86 | office | 10 | |
| 11 | ### Load configuration. |
||
| 12 | $config = spyc_load_file('config.yaml'); |
||
| 13 | |||
| 14 | ### If no file has been specified for download then return. |
||
| 15 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
||
| 16 | http_response_code(404); |
||
| 17 | die('File not found.'); |
||
| 18 | } |
||
| 19 | |||
| 20 | ### Find the requested file. |
||
| 21 | $file = array_shift( |
||
| 22 | preg_grep( |
||
| 23 | "/".$_GET['hash']."/", |
||
| 24 | scandir($config['STORE_FOLDER']) |
||
| 25 | ) |
||
| 26 | ); |
||
| 27 | |||
| 28 | if (!isset($file) or empty($file)) { |
||
| 29 | http_response_code(404); |
||
| 30 | die('File not found.'); |
||
| 31 | } |
||
| 32 | |||
| 33 | ### Check the path for path traversals. |
||
| 34 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
||
| 35 | |||
| 36 | #### If the extension is not allowed then return. |
||
| 37 | if (!isset($fileExtension) || |
||
| 38 | !in_array(strtoupper($fileExtension), |
||
| 39 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
||
| 40 | http_response_code(403); |
||
| 41 | die('File extension not allowed.'); |
||
| 42 | } |
||
| 43 | |||
| 44 | #### Build the user path. |
||
| 45 | $userPath = join( |
||
| 46 | DIRECTORY_SEPARATOR, |
||
| 47 | array( |
||
| 48 | $config['STORE_FOLDER'], |
||
| 49 | $file |
||
| 50 | ) |
||
| 51 | ); |
||
| 52 | |||
| 53 | #### Check for path traversals |
||
| 54 | $pathPart = pathinfo($userPath); |
||
| 55 | if (strcasecmp( |
||
| 56 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
||
| 57 | http_response_code(500); |
||
| 58 | die('Internal server error.'); |
||
| 59 | } |
||
| 60 | |||
| 61 | #### Check if the file exists. |
||
| 62 | if (!file_exists($userPath)) { |
||
| 63 | http_response_code(404); |
||
| 64 | die('File not found.'); |
||
| 65 | } |
||
| 66 | |||
| 67 | list($width, $height) = getimagesize($userPath); |
||
| 68 | |||
| 88 | office | 69 | $imagePath = $config['URL_PATH'].$_GET['hash']; |
| 86 | office | 70 | |
| 88 | office | 71 | echo <<<END |
| 72 | <html> |
||
| 73 | <head> |
||
| 74 | <meta property="og:site_name" content="Scratch Copy"> |
||
| 75 | <meta property="og:url" content="$imagePath"> |
||
| 76 | <meta property="og:title" content="Scratch Copy"> |
||
| 77 | <meta property="og:type" content="video.other"> |
||
| 78 | <meta property="og:image" content="$imagePath"> |
||
| 79 | <meta property="og:image:width" content="$width"> |
||
| 80 | <meta property="og:image:height" content="$height"> |
||
| 81 | </head> |
||
| 86 | office | 82 | |
| 88 | office | 83 | <body> |
| 84 | <p> |
||
| 85 | <img src="$imagePath"> |
||
| 86 | </p> |
||
| 87 | </body> |
||
| 86 | office | 88 | |
| 88 | office | 89 | </html> |
| 90 | END; |