/.htaccess |
@@ -1,5 +1,10 @@ |
Options -MultiViews |
RewriteEngine on |
# Deleting files can be done by pre-pending the timestamp. |
RewriteRule ^([0-9]+?)/([A-Za-z0-9]+)$ delete.php?timestamp=$1&hash=$2 [QSA,L] |
# For serving OpenGraph HTML files from the file. |
RewriteRule ^og/([A-Za-z0-9]+)$ graph.php?hash=$1 [QSA,L] |
# Retrieving a file by the hash. |
RewriteRule ^([A-Za-z0-9]+)$ file.php?hash=$1 [QSA,L] |
# By default, rewrite everything to index.html |
RewriteRule ^$ index.html [L] |
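Review bot: The `[QSA]` flag on the `^og/([A-Za-z0-9]+)$` rule (and on the delete and file rules, which may predate this change) appends the client's own query string after the rewritten `hash=$1`, so a request that carries its own `hash` parameter replaces the value the pattern just constrained to alphanumerics, because PHP keeps the last duplicate. graph.php then receives a value the character class never checked. Unless a caller depends on extra query parameters, drop the flag: `RewriteRule ^og/([A-Za-z0-9]+)$ graph.php?hash=$1 [L]`. The script is also reachable by its own path, so it should validate `hash` itself rather than rely on this rule.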
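--- a/graph.php
+++ b/graph.php
@@ -0,0 +1,88 @@
+<?php
+
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
+###########################################################################
+
+require_once('php/pseudocrypt.php');
+require_once('php/functions.php');
+require_once('vendor/mustangostang/spyc/Spyc.php');
+require_once('vendor/chriskonnertz/open-graph/src/ChrisKonnertz/OpenGraph/OpenGraph.php');
+require_once('vendor/chriskonnertz/open-graph/src/ChrisKonnertz/OpenGraph/OpenGraphTag.php');
+use ChrisKonnertz\OpenGraph\OpenGraph as OpenGraph;
+use ChrisKonnertz\OpenGraph\OpenGraphTag as OpenGraphTag;
+
+### Load configuration.
+$config = spyc_load_file('config.yaml');
+
+### If no file has been specified for download then return.
+if (!isset($_GET['hash']) or empty($_GET['hash'])) {
+http_response_code(404);
+die('File not found.');
+}
+
+### Find the requested file.
+$file = array_shift(
+preg_grep(
+"/".$_GET['hash']."/",
+scandir($config['STORE_FOLDER'])
+)
+);
+
+if (!isset($file) or empty($file)) {
+http_response_code(404);
+die('File not found.');
+}
+
+### Check the path for path traversals.
+$fileExtension = pathinfo($file, PATHINFO_EXTENSION);
+
+#### If the extension is not allowed then return.
+if (!isset($fileExtension) ||
+!in_array(strtoupper($fileExtension),
+array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) {
+http_response_code(403);
+die('File extension not allowed.');
+}
+
+#### Build the user path.
+$userPath = join(
+DIRECTORY_SEPARATOR,
+array(
+$config['STORE_FOLDER'],
+$file
+)
+);
+
+#### Check for path traversals
+$pathPart = pathinfo($userPath);
+if (strcasecmp(
+realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) {
+http_response_code(500);
+die('Internal server error.');
+}
+
+#### Check if the file exists.
+if (!file_exists($userPath)) {
+http_response_code(404);
+die('File not found.');
+}
+
+list($width, $height) = getimagesize($userPath);
+
+# Create an OpenGraph object with validation.
+$og = new OpenGraph();
+
+$og->title('Scratch Copy')
+->description('Asset Sharing')
+->url($config['URL_PATH'].$_GET['hash'])
+->type('movie')
+->image($config['URL_PATH'].$_GET['hash'], [
+type => 'image/png',
+width => $width,
+height => $height
+]);
+
+
+echo $og->renderTags();
+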
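Review bot: `$_GET['hash']` is concatenated into the `preg_grep()` pattern without validation or `preg_quote()`, so the request controls the regular expression that selects a file from `STORE_FOLDER`, and because the pattern is unanchored even a well-formed short value matches the first directory entry that merely contains it. Validate before the lookup, e.g. `if (!is_string($_GET['hash']) || !ctype_alnum($_GET['hash'])) { http_response_code(404); die('File not found.'); }`, and anchor the pattern to the stored file-name format, which is not visible in this file. The same value is reused in the `url()` and `image()` arguments, so the one check covers the rendered tags as well. Separately, the bare `type`, `width` and `height` keys in the `image()` array should be quoted (`'type' => 'image/png'`), since undefined constants are an error on PHP 8, and `getimagesize()` returns false for a non-image file, which the `list()` assignment does not handle.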