scratch – Diff between revs 13 and 14

Subversion Repositories:

?pathlinks?

Rev 13 – Rev 16 – Go to most recent revision – Details – Blame – Last modification – View Log

     # Raw POST data.
     $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']);
     $data = file_get_contents("php://input");
+}
 #### Grab the file extension.
 $fileExtension = pathinfo($name, PATHINFO_EXTENSION);
-#### Check that the file extension is allowed.
+#### If the extension is not allowed then change it to a text extension.
-if(!isset($fileExtension) ||
+if (!isset($fileExtension) ||
     !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS))
-    return;
+    $fileExtension = 'txt';
 #### Hash filename and check storage in the upload folder.
-$storePath = realpath($STORE_FOLDER);
+#### Hash filename.
 $file = strtolower(
     PseudoCrypt::hash(
         preg_replace(
             '/\D/',
             '',
             hash(
                 'sha512',
                 $name
-            )
-        )
+            )
     ).
-    '.'.
+    ).    '.'.
+    $fileExtension
+);
     $fileExtension
-);
+#### Build the user path.
 $userPath = join(
     DIRECTORY_SEPARATOR,
     array(
         $STORE_FOLDER,
         $file
     )
 );
-#### Check for path traversals.
+#### Check for path traversals
-$pathPart = pathinfo($userPath);
-if (realpath($pathPart['dirname']) == $storePath) {
+$pathPart = pathinfo($userPath);
+if (realpath($pathPart['dirname']) != realpath($STORE_FOLDER))
+    return;
     atomized_put_contents($userPath, $data);
-    $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file);
+#### Store the file.
-}
+atomized_put_contents($userPath, $data);