scratch – Blame information for rev 110
Rev | Author | Line No. | Line |
---|---|---|---|
86 | office | 1 | <?php |
2 | |||
3 | ########################################################################### |
||
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
||
5 | ########################################################################### |
||
6 | |||
7 | require_once('php/pseudocrypt.php'); |
||
8 | require_once('php/functions.php'); |
||
87 | office | 9 | require_once('vendor/autoload.php'); |
110 | office | 10 | require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php'); |
86 | office | 11 | |
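### Load configuration.
$config = spyc_load_file('config.yaml');

### If no file has been specified for download then return.
# The hash must be a non-empty string: an array value (?hash[]=x) would
# otherwise flow into the string operations below.
if (!isset($_GET['hash']) || !is_string($_GET['hash']) || empty($_GET['hash'])) {
    http_response_code(404);
    die('File not found.');
}

### Find the requested file.
# The hash comes straight from the request, so it is matched as a literal:
# preg_quote() neutralises regex metacharacters and the "/" delimiter, which
# would otherwise let the request decide which stored file matches, or hand
# the regex engine an expensive pattern.
# NOTE(review): this is still a substring match, as before. If store names are
# always "<hash>.<ext>", comparing against the file name stem would be stricter
# - confirm against the upload code.
$storeEntries = scandir($config['STORE_FOLDER']);
if ($storeEntries === false) {
    # Unreadable store folder: nothing can match, so the 404 below applies.
    $storeEntries = array();
}

$matches = preg_grep(
    '/'.preg_quote($_GET['hash'], '/').'/',
    # "." and ".." are directory entries, never stored files.
    array_diff($storeEntries, array('.', '..'))
);

# array_shift() takes its argument by reference, so it needs a real variable.
$file = ($matches === false) ? null : array_shift($matches);

if (!isset($file) || empty($file)) {
    http_response_code(404);
    die('File not found.');
}
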
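### Check the file extension against the configured allow-list.
$fileExtension = pathinfo($file, PATHINFO_EXTENSION);

#### If the extension is not allowed then return.
# Both sides are upper-cased strings, so the comparison can be strict.
$allowedExtensions = array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']);
if (!isset($fileExtension) ||
    !in_array(strtoupper($fileExtension), $allowedExtensions, true)) {
    http_response_code(403);
    die('File extension not allowed.');
}

#### Build the user path.
$userPath = join(
    DIRECTORY_SEPARATOR,
    array(
        $config['STORE_FOLDER'],
        $file
    )
);

#### Check for path traversals
# The resolved parent directory of the file must be the resolved store folder.
# realpath() returns false when a path cannot be resolved; two failures must
# not compare as equal, so false is rejected explicitly and the comparison is
# exact rather than case-insensitive.
$storeRoot = realpath($config['STORE_FOLDER']);
$fileDirectory = realpath(dirname($userPath));
if ($storeRoot === false || $fileDirectory === false || $fileDirectory !== $storeRoot) {
    http_response_code(500);
    die('Internal server error.');
}

#### Check if the file exists.
# is_file() also rejects a directory that happens to carry an allowed extension.
if (!is_file($userPath)) {
    http_response_code(404);
    die('File not found.');
}
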
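### Build the URLs advertised in the Open Graph markup.
# The hash is request-controlled. It is percent-encoded before it becomes part
# of a URL, and every value is HTML-escaped before it is written into the page,
# so it cannot break out of the attribute it is placed in.
$requestHash = is_string($_GET['hash']) ? $_GET['hash'] : '';
$encodedHash = rawurlencode($requestHash);

$GRAPH_URL = $config['URL_PATH'].'og/'.$encodedHash;
$CANON_URL = $config['URL_PATH'].'file.php?hash='.$encodedHash;
$BASIC_URL = $config['URL_PATH'].$encodedHash;

# Escape a value for use inside a quoted HTML attribute.
$escapeAttribute = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$basicUrlHtml = $escapeAttribute($BASIC_URL);
$graphUrlHtml = $escapeAttribute($GRAPH_URL);

### Emit the preview page matching the file type.
switch (strtoupper($fileExtension)) {
    case 'GIF':
        # getimagesize() returns false for unreadable or non-image files; the
        # dimensions are then left empty instead of destructuring false.
        $dimensions = getimagesize($userPath);
        $width = ($dimensions === false) ? '' : (int) $dimensions[0];
        $height = ($dimensions === false) ? '' : (int) $dimensions[1];

        # The image tag previously interpolated $URL, which is not defined
        # anywhere in this script; the image is served from the same URL that
        # og:image advertises.
        echo <<<END
<html>
<head>
<meta property="og:site_name" content="Scratch Copy">
<meta property="og:url" content="$basicUrlHtml">
<meta property="og:title" content="Scratch Copy">
<meta property="og:type" content="video.other">
<meta property="og:image" content="$basicUrlHtml">
<meta property="og:image:width" content="$width">
<meta property="og:image:height" content="$height">
</head>

<body>
<p>
<img src="$basicUrlHtml">
</p>
</body>

</html>
END;
        break;
    case 'MP4':
        ### Create a thumbnail for the video.
        # The thumbnail name is derived from the raw request hash so that it
        # stays stable across requests.
        $thumbName = strtolower(
            PseudoCrypt::hash(
                preg_replace(
                    '/\D/',
                    '',
                    hash(
                        'sha512',
                        $requestHash
                    )
                ),
                $config['ASSET_HASH_SIZE']
            )
        );

        #### Build the thumbnail path.
        $thumbPath = join(
            DIRECTORY_SEPARATOR,
            array(
                $config['STORE_FOLDER'],
                $thumbName
            )
        ).'.'.'jpg';

        ### Extract thumbnail.
        # Only generate it once: re-encoding on every request lets any visitor
        # make the server run ffmpeg repeatedly.
        # NOTE(review): ffmpeg is handed a URL containing the request hash and
        # fetches it over HTTP from this same site. Opening the already
        # validated local file would avoid that round trip - confirm that
        # file.php serves the stored file unmodified before switching.
        if (!file_exists($thumbPath)) {
            try {
                $ffmpeg = FFMpeg\FFMpeg::create();
                $video = $ffmpeg->open($CANON_URL);
                $frame = $video->frame(FFMpeg\Coordinate\TimeCode::fromSeconds(42));
                $frame->save($thumbPath);
            } catch (\Exception $e) {
                # A failed extraction should not take the whole preview page
                # down; the page is rendered without a working thumbnail.
                error_log('Thumbnail extraction failed: '.$e->getMessage());
            }
        }

        $thumbNameHtml = $escapeAttribute($thumbName);

        # The player configuration is JSON inside an HTML attribute: encode it
        # as JSON first, then escape it for the attribute.
        $clipConfigHtml = $escapeAttribute(
            json_encode(array('clip' => $BASIC_URL), JSON_UNESCAPED_SLASHES)
        );

        # NOTE(review): the player host is hard-coded below while the other
        # URLs come from $config['URL_PATH']; allowscriptaccess="always" lets
        # the embedded SWF script the page - confirm both are intended.
        echo <<<END
<html>
<head>
<meta property="og:type" content="video.other">
<meta property="og:title" content="Scratch Copy">
<meta property="og:site_name" content="Scratch Copy">

<meta property="og:url" content="$graphUrlHtml">

<meta property="og:image" content="https://cpy.ro/$thumbNameHtml">
<meta property="og:video" content='http://cpy.ro/flowplayer/flowplayer.swf?config=$clipConfigHtml'>
<meta property="og:video:secure_url" content='https://cpy.ro/flowplayer/flowplayer.swf?config=$clipConfigHtml'>
<meta property="og:video:type" content="application/x-shockwave-flash">
<meta property="og:video:width" content="425">
<meta property="og:video:height" content="300">
</head>

<body>
<p>
<object width="425" height="300" id="Scratch Copy" name="Scratch Copy" data="https://cpy.ro/flowplayer/flowplayer.swf" type="application/x-shockwave-flash"><param name="movie" value="https://cpy.ro/flowplayer/flowplayer.swf" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config=$clipConfigHtml' /></object>
</p>
</body>

</html>
END;
        break;
}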
153 | |||
154 | |||
155 |