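<?php

###########################################################################
##  Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3      ##
###########################################################################

### Removes one file from STORE_FOLDER. The file is located by a fragment
### of its name ("hash") and the request must also carry the file's exact
### modification time ("timestamp"); the response body is empty on success.

require_once('php/pseudocrypt.php');
require_once('php/functions.php');
require_once('vendor/autoload.php');

### Load configuration.
$config = spyc_load_file('config.yaml');

### If no file has been specified then return.
# empty() already covers the unset case. A non-string value (e.g. hash[]=x)
# is treated as "not specified" instead of being coerced to "Array".
if (empty($_GET['hash']) || !is_string($_GET['hash'])) {
    http_response_code(404);
    die('File not found.');
}
$hash = $_GET['hash'];

### If no timestamp has been provided then return.
# The timestamp must be a plain run of digits: it is compared strictly
# against filemtime() below, so values such as "123abc" are rejected here
# rather than being loosely compared.
if (empty($_GET['timestamp'])
    || !is_string($_GET['timestamp'])
    || !ctype_digit($_GET['timestamp'])) {
    http_response_code(403);
    die('Forbidden.');
}
$timestamp = (int) $_GET['timestamp'];

### Find the requested file.
$entries = scandir($config['STORE_FOLDER']);
if ($entries === false) {
    http_response_code(500);
    die('Internal server error.');
}

# The hash is user-supplied: quote it so it is matched literally and cannot
# alter the pattern or break out of the "/" delimiters.
# NOTE(review): this is a substring match against the directory listing,
# as before; the first matching entry is taken.
$matches = preg_grep('/' . preg_quote($hash, '/') . '/', $entries);
$file = empty($matches) ? null : array_shift($matches);

if ($file === null) {
    http_response_code(404);
    die('File not found.');
}

### Check the file extension.
$fileExtension = pathinfo($file, PATHINFO_EXTENSION);

#### If the extension is not allowed then return.
# Compared case-insensitively, with a strict in_array() so the YAML-sourced
# list is matched by value rather than by loose comparison.
$allowedExtensions = array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']);
if (!in_array(strtoupper($fileExtension), $allowedExtensions, true)) {
    http_response_code(403);
    die('File extension not allowed.');
}

#### Build the user path.
$userPath = $config['STORE_FOLDER'] . DIRECTORY_SEPARATOR . $file;

#### Check for path traversals.
# $file is a bare scandir() entry, so the parent of the resolved path must
# be the store folder itself. A failed realpath() on either side is treated
# as a mismatch rather than letting two false values compare as equal.
$storeFolder = realpath($config['STORE_FOLDER']);
$fileFolder = realpath(pathinfo($userPath, PATHINFO_DIRNAME));
if ($storeFolder === false
    || $fileFolder === false
    || strcasecmp($fileFolder, $storeFolder) !== 0) {
    http_response_code(500);
    die('Internal server error.');
}

#### Check if the file exists (and is a regular file, not a directory).
if (!is_file($userPath)) {
    http_response_code(404);
    die('File not found.');
}

### Check if the timestamp matches.
# NOTE(review): the modification time is the only check between knowing a
# file's name fragment and deleting it; it is compared as an exact integer.
$mtime = filemtime($userPath);
if ($mtime === false || $mtime !== $timestamp) {
    http_response_code(403);
    die('Forbidden.');
}

### Remove the file; a failed unlink() is reported instead of returning 200.
if (!unlink($userPath)) {
    http_response_code(500);
    die('Internal server error.');
}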