scratch – Diff between revs 7 and 11
?pathlinks?
| Rev 7 | Rev 11 | |||
|---|---|---|---|---|
| Line 6... | Line 6... | |||
| 6 | |
6 | |
|
| 7 | require_once('includes/pseudocrypt.php'); |
7 | require_once('includes/pseudocrypt.php'); |
|
| 8 | require_once('includes/functions.php'); |
8 | require_once('includes/functions.php'); |
|
| Line 9... | Line -... | |||
| 9 | require_once('config.php'); |
- | ||
| 10 | |
- | ||
| 11 | # Upload data can be POST'ed as raw form data or uploaded via <iframe> and |
9 | require_once('config.php'); |
|
| 12 | # <form> using regular multipart/form-data enctype (which is handled by |
10 | |
|
| 13 | # PHP $_FILES). |
11 | #### Retrieve uploaded file. |
|
| 14 | if (!empty($_FILES['file']) and |
12 | if (!empty($_FILES['file']) and |
|
| 15 | is_uploaded_file($_FILES['file']['tmp_name'])) { |
13 | is_uploaded_file($_FILES['file']['tmp_name'])) { |
|
| 16 | # Regular multipart/form-data upload. |
14 | # Regular multipart/form-data upload. |
|
| 17 | $name = $_FILES['file']['name']; |
15 | $name = $_FILES['file']['name']; |
|
| 18 | $data = file_get_contents($_FILES['file']['tmp_name']); |
16 | $data = file_get_contents($_FILES['file']['tmp_name']); |
|
| 19 | } else { |
17 | } else { |
|
| 20 | # Raw POST data. |
18 | # Raw POST data. |
|
| 21 | $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']); |
19 | $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']); |
|
| Line 22... | Line -... | |||
| 22 | $data = file_get_contents("php://input"); |
- | ||
| 23 | } |
20 | $data = file_get_contents("php://input"); |
|
| - | 21 | } |
||
| - | 22 | |
||
| 24 | |
23 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
|
| - | 24 | |
||
| - | 25 | #### Check that the file extension is allowed. |
||
| - | 26 | if(!isset($fileExtension) || |
||
| - | 27 | !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS)) |
||
| 25 | ## Hash filename and check storage in the upload folder. |
28 | return; |
|
| 26 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
29 | |
|
| 27 | if ($fileExtension != '') { |
30 | #### Hash filename and check storage in the upload folder. |
|
| 28 | $storePath = realpath($STORE_FOLDER); |
31 | $storePath = realpath($STORE_FOLDER); |
|
| 29 | $file = strtolower( |
32 | $file = strtolower( |
|
| 30 | PseudoCrypt::hash( |
33 | PseudoCrypt::hash( |
|
| 31 | preg_replace( |
34 | preg_replace( |
|
| 32 | '/\D/', |
35 | '/\D/', |
|
| 33 | '', |
36 | '', |
|
| 34 | hash( |
- | ||
| 35 | 'sha512', |
37 | hash( |
|
| 36 | $name |
- | ||
| 37 | ) |
- | ||
| 38 | ) |
- | ||
| 39 | ). |
- | ||
| 40 | '.'. |
- | ||
| 41 | $fileExtension |
- | ||
| 42 | ); |
- | ||
| 43 | $userPath = join( |
- | ||
| 44 | DIRECTORY_SEPARATOR, |
- | ||
| 45 | array( |
38 | 'sha512', |
|
| 46 | $STORE_FOLDER, |
39 | $name |
|
| - | 40 | ) |
||
| - | 41 | ) |
||
| - | 42 | ). |
||
| - | 43 | '.'. |
||
| - | 44 | $fileExtension |
||
| - | 45 | ); |
||
| - | 46 | $userPath = join( |
||
| - | 47 | DIRECTORY_SEPARATOR, |
||
| - | 48 | array( |
||
| - | 49 | $STORE_FOLDER, |
||
| - | 50 | $file |
||
| - | 51 | ) |
||
| 47 | $file |
52 | ); |
|
| 48 | ) |
53 | |
|
| 49 | ); |
54 | #### Check for path traversals. |
|
| 50 | $pathPart = pathinfo($userPath); |
55 | $pathPart = pathinfo($userPath); |
|
| 51 | if (realpath($pathPart['dirname']) == $storePath) { |
- | ||
| 52 | atomized_put_contents($userPath, $data); |
56 | if (realpath($pathPart['dirname']) == $storePath) { |
|
| Line 53... | Line 57... | |||
| 53 | $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file); |
57 | atomized_put_contents($userPath, $data); |
|
| 54 | } |
58 | $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file); |
|
| 55 | } |
59 | } |
|