scratch – Blame information for rev 86
Rev | Author | Line No. | Line |
---|---|---|---|
86 | office | 1 | <?php |
2 | |||
3 | ########################################################################### |
||
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
||
5 | ########################################################################### |
||
6 | |||
7 | require_once('php/pseudocrypt.php'); |
||
8 | require_once('php/functions.php'); |
||
9 | require_once('vendor/mustangostang/spyc/Spyc.php'); |
||
10 | require_once('vendor/chriskonnertz/open-graph/src/ChrisKonnertz/OpenGraph/OpenGraph.php'); |
||
11 | require_once('vendor/chriskonnertz/open-graph/src/ChrisKonnertz/OpenGraph/OpenGraphTag.php'); |
||
12 | use ChrisKonnertz\OpenGraph\OpenGraph as OpenGraph; |
||
13 | use ChrisKonnertz\OpenGraph\OpenGraphTag as OpenGraphTag; |
||
14 | |||
### Load configuration.
$config = spyc_load_file('config.yaml');

### Stop early when the request does not name a file.
# empty() is safe on an unset key, so this single test covers both a
# missing "hash" parameter and one that was sent blank.
if (empty($_GET['hash'])) {
    http_response_code(404);
    die('File not found.');
}
||
23 | |||
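### Find the requested file.
# The hash is taken straight from the query string and is used to build a
# regular expression, so it has to be treated as literal text. Left
# unescaped, the request controls the whole pattern (metacharacters, an early
# "/" delimiter, or an expensive expression) instead of naming one file.
# A parameter sent as an array (?hash[]=...) cannot name a file either.
if (!is_string($_GET['hash'])) {
    http_response_code(404);
    die('File not found.');
}

# scandir() returns false when the store folder cannot be read.
$storeEntries = scandir($config['STORE_FOLDER']);
if ($storeEntries === false) {
    http_response_code(500);
    die('Internal server error.');
}

# preg_quote() with the "/" delimiter neutralises every metacharacter.
# NOTE(review): this is still a substring match, so a short hash selects the
# first entry that merely contains it. If stored files are named
# "<hash>.<extension>", comparing against the name without its extension
# would be stricter -- confirm the naming scheme before tightening.
$matches = preg_grep(
    '/' . preg_quote($_GET['hash'], '/') . '/',
    $storeEntries
);

# array_shift() takes its argument by reference, so it needs a variable and
# not the return value of another call.
$file = is_array($matches) ? array_shift($matches) : null;

if (!isset($file) or empty($file)) {
    http_response_code(404);
    die('File not found.');
}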
||
36 | |||
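### Check the path for path traversals.
# The extension is read from the directory entry selected above, not from
# the raw request value.
$fileExtension = pathinfo($file, PATHINFO_EXTENSION);

#### If the extension is not allowed then return.
# Both sides are upper-cased so the allow-list is case-insensitive. The
# comparison is strict: a loose in_array() compares numeric-looking strings
# by value, so "1E1" would be accepted for an allowed "10".
$allowedExtensions = array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']);
if (!isset($fileExtension) ||
    !in_array(strtoupper($fileExtension), $allowedExtensions, true)) {
    http_response_code(403);
    die('File extension not allowed.');
}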
||
47 | |||
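#### Build the user path.
$userPath = join(
    DIRECTORY_SEPARATOR,
    array(
        $config['STORE_FOLDER'],
        $file
    )
);

#### Check for path traversals
# The resolved parent directory of the built path must be the resolved store
# folder. realpath() returns false when a path cannot be resolved; two failed
# lookups would otherwise compare as equal strings and pass the check, so a
# failure on either side is rejected explicitly.
$pathPart = pathinfo($userPath);
$resolvedParent = realpath($pathPart['dirname']);
$resolvedStore = realpath($config['STORE_FOLDER']);
if ($resolvedParent === false || $resolvedStore === false ||
    strcasecmp($resolvedParent, $resolvedStore) != 0) {
    http_response_code(500);
    die('Internal server error.');
}

#### Check if the file exists.
if (!file_exists($userPath)) {
    http_response_code(404);
    die('File not found.');
}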
||
70 | |||
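#### Read the image dimensions for the preview tags.
# getimagesize() returns false for anything it cannot parse as an image; the
# dimensions are then left as null instead of being unpacked from false.
$imageSize = getimagesize($userPath);
list($width, $height) = $imageSize !== false ? $imageSize : array(null, null);

# Create an OpenGraph object with validation.
$og = new OpenGraph();

# The hash is request data that ends up inside the rendered markup, so it is
# percent-encoded before being appended to the configured base URL.
# NOTE(review): confirm whether OpenGraph escapes tag values on output; the
# encoding here does not depend on it.
$assetUrl = $config['URL_PATH'] . rawurlencode((string) $_GET['hash']);

# The attribute keys are quoted strings. Bare words (type, width, height) are
# undefined constants, which PHP 8 rejects with an Error.
# NOTE(review): 'image/png' is declared whatever the stored file is;
# getimagesize() also reports a 'mime' entry -- confirm which is intended.
$og->title('Scratch Copy')
    ->description('Asset Sharing')
    ->url($assetUrl)
    ->type('movie')
    ->image($assetUrl, [
        'type' => 'image/png',
        'width' => $width,
        'height' => $height
    ]);

echo $og->renderTags();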
||
88 |