/quickload/upload.php
@@ -8,10 +8,8 @@
require_once('includes/functions.php');
require_once('config.php');
 
# Upload data can be POST'ed as raw form data or uploaded via <iframe> and
# <form> using regular multipart/form-data enctype (which is handled by
# PHP $_FILES).
if (!empty($_FILES['file']) and
#### Retrieve uploaded file.
if (!empty($_FILES['file']) and
is_uploaded_file($_FILES['file']['tmp_name'])) {
# Regular multipart/form-data upload.
$name = $_FILES['file']['name'];
@@ -22,38 +20,44 @@
$data = file_get_contents("php://input");
}
 
## Hash filename and check storage in the upload folder.
$fileExtension = pathinfo($name, PATHINFO_EXTENSION);
if ($fileExtension != '') {
$storePath = realpath($STORE_FOLDER);
$file = strtolower(
PseudoCrypt::hash(
preg_replace(
'/\D/',
'',
hash(
'sha512',
$name
)
 
#### Check that the file extension is allowed.
if(!isset($fileExtension) ||
!in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS))
return;
 
#### Hash filename and check storage in the upload folder.
$storePath = realpath($STORE_FOLDER);
$file = strtolower(
PseudoCrypt::hash(
preg_replace(
'/\D/',
'',
hash(
'sha512',
$name
)
).
'.'.
$fileExtension
);
$userPath = join(
DIRECTORY_SEPARATOR,
array(
$STORE_FOLDER,
$file
)
);
$pathPart = pathinfo($userPath);
if (realpath($pathPart['dirname']) == $storePath) {
atomized_put_contents($userPath, $data);
$output = sprintf('%s/%s', trim($URL_PATH, '/'), $file);
}
).
'.'.
$fileExtension
);
$userPath = join(
DIRECTORY_SEPARATOR,
array(
$STORE_FOLDER,
$file
)
);
 
#### Check for path traversals.
$pathPart = pathinfo($userPath);
if (realpath($pathPart['dirname']) == $storePath) {
atomized_put_contents($userPath, $data);
$output = sprintf('%s/%s', trim($URL_PATH, '/'), $file);
}
 
# Return the URL to the file.
### Return the URL to the file.
header('Content-Type: text/plain; charset=utf-8');
echo $output;
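Review bot: The `return;` after the extension check (`!in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS)`) ends the script with no status code, no Content-Type and an empty body, so a rejected upload is indistinguishable from a successful one whose URL is blank; that branch should answer explicitly, e.g. `http_response_code(415); exit;`. The path-traversal guard has the same gap: when `realpath($pathPart['dirname']) == $storePath` is false, `$output` is never assigned and the final `echo $output;` emits an undefined variable, so either initialise `$output = '';` before the guard or send an error status there too. Two smaller points: the `in_array` call should pass `true` as its third argument and the directory comparison should use `===`, since both are loose by default; and `!isset($fileExtension)` never fires because `pathinfo(..., PATHINFO_EXTENSION)` returns a string (possibly empty), so the whitelist lookup is the only effective check. The enclosing hunk appears to end at `echo $output;`; if the file continues past it, the same applies to any later output.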