scratch – Blame information for rev 7
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
7 | office | 1 | <?php |
2 | |||
3 | ########################################################################### |
||
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
||
5 | ########################################################################### |
||
6 | |||
7 | require_once('includes/pseudocrypt.php'); |
||
8 | require_once('includes/functions.php'); |
||
9 | require_once('config.php'); |
||
10 | |||
11 | # Upload data can be POST'ed as raw form data or uploaded via <iframe> and |
||
12 | # <form> using regular multipart/form-data enctype (which is handled by |
||
13 | # PHP $_FILES). |
||
14 | if (!empty($_FILES['file']) and |
||
15 | is_uploaded_file($_FILES['file']['tmp_name'])) { |
||
16 | # Regular multipart/form-data upload. |
||
17 | $name = $_FILES['file']['name']; |
||
18 | $data = file_get_contents($_FILES['file']['tmp_name']); |
||
19 | } else { |
||
20 | # Raw POST data. |
||
21 | $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']); |
||
22 | $data = file_get_contents("php://input"); |
||
23 | } |
||
24 | |||
25 | ## Hash filename and check storage in the upload folder. |
||
26 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
||
27 | if ($fileExtension != '') { |
||
28 | $storePath = realpath($STORE_FOLDER); |
||
29 | $file = strtolower( |
||
30 | PseudoCrypt::hash( |
||
31 | preg_replace( |
||
32 | '/\D/', |
||
33 | '', |
||
34 | hash( |
||
35 | 'sha512', |
||
36 | $name |
||
37 | ) |
||
38 | ) |
||
39 | ). |
||
40 | '.'. |
||
41 | $fileExtension |
||
42 | ); |
||
43 | $userPath = join( |
||
44 | DIRECTORY_SEPARATOR, |
||
45 | array( |
||
46 | $STORE_FOLDER, |
||
47 | $file |
||
48 | ) |
||
49 | ); |
||
50 | $pathPart = pathinfo($userPath); |
||
51 | if (realpath($pathPart['dirname']) == $storePath) { |
||
52 | atomized_put_contents($userPath, $data); |
||
53 | $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file); |
||
54 | } |
||
55 | } |
||
56 | |||
57 | # Return the URL to the file. |
||
58 | header('Content-Type: text/plain; charset=utf-8'); |
||
59 | echo $output; |