scratch – Diff between revs 81 and 87
?pathlinks?
Rev 81 | Rev 87 | |||
---|---|---|---|---|
1 | <?php |
1 | <?php |
|
2 | |
2 | |
|
3 | ########################################################################### |
3 | ########################################################################### |
|
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
5 | ########################################################################### |
5 | ########################################################################### |
|
6 | |
6 | |
|
7 | require_once('php/pseudocrypt.php'); |
7 | require_once('php/pseudocrypt.php'); |
|
8 | require_once('php/functions.php'); |
8 | require_once('php/functions.php'); |
|
9 | require_once('vendor/mustangostang/spyc/Spyc.php'); |
9 | require_once('vendor/autoload.php'); |
|
10 | |
10 | |
|
11 | ### Load configuration. |
11 | ### Load configuration. |
|
12 | $config = spyc_load_file('config.yaml'); |
12 | $config = spyc_load_file('config.yaml'); |
|
13 | |
13 | |
|
14 | ### If no file has been specified for download then return. |
14 | ### If no file has been specified for download then return. |
|
15 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
15 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
|
16 | http_response_code(404); |
16 | http_response_code(404); |
|
17 | die('File not found.'); |
17 | die('File not found.'); |
|
18 | } |
18 | } |
|
19 | |
19 | |
|
20 | ### If no timestamp has been provided then return. |
20 | ### If no timestamp has been provided then return. |
|
21 | if (!isset($_GET['timestamp']) or empty($_GET['timestamp'])) { |
21 | if (!isset($_GET['timestamp']) or empty($_GET['timestamp'])) { |
|
22 | http_response_code(403); |
22 | http_response_code(403); |
|
23 | die('Forbidden.'); |
23 | die('Forbidden.'); |
|
24 | } |
24 | } |
|
25 | |
25 | |
|
26 | ### Find the requested file. |
26 | ### Find the requested file. |
|
27 | $file = array_shift( |
27 | $file = array_shift( |
|
28 | preg_grep( |
28 | preg_grep( |
|
29 | "/".$_GET['hash']."/", |
29 | "/".$_GET['hash']."/", |
|
30 | scandir($config['STORE_FOLDER']) |
30 | scandir($config['STORE_FOLDER']) |
|
31 | ) |
31 | ) |
|
32 | ); |
32 | ); |
|
33 | |
33 | |
|
34 | if (!isset($file) or empty($file)) { |
34 | if (!isset($file) or empty($file)) { |
|
35 | http_response_code(404); |
35 | http_response_code(404); |
|
36 | die('File not found.'); |
36 | die('File not found.'); |
|
37 | } |
37 | } |
|
38 | |
38 | |
|
39 | ### Check the path for path traversals. |
39 | ### Check the path for path traversals. |
|
40 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
40 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
|
41 | |
41 | |
|
42 | #### If the extension is not allowed then return. |
42 | #### If the extension is not allowed then return. |
|
43 | if (!isset($fileExtension) || |
43 | if (!isset($fileExtension) || |
|
44 | !in_array(strtoupper($fileExtension), |
44 | !in_array(strtoupper($fileExtension), |
|
45 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
45 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
|
46 | http_response_code(403); |
46 | http_response_code(403); |
|
47 | die('File extension not allowed.'); |
47 | die('File extension not allowed.'); |
|
48 | } |
48 | } |
|
49 | |
49 | |
|
50 | #### Build the user path. |
50 | #### Build the user path. |
|
51 | $userPath = join( |
51 | $userPath = join( |
|
52 | DIRECTORY_SEPARATOR, |
52 | DIRECTORY_SEPARATOR, |
|
53 | array( |
53 | array( |
|
54 | $config['STORE_FOLDER'], |
54 | $config['STORE_FOLDER'], |
|
55 | $file |
55 | $file |
|
56 | ) |
56 | ) |
|
57 | ); |
57 | ); |
|
58 | |
58 | |
|
59 | #### Check for path traversals |
59 | #### Check for path traversals |
|
60 | $pathPart = pathinfo($userPath); |
60 | $pathPart = pathinfo($userPath); |
|
61 | if (strcasecmp( |
61 | if (strcasecmp( |
|
62 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
62 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
63 | http_response_code(500); |
63 | http_response_code(500); |
|
64 | die('Internal server error.'); |
64 | die('Internal server error.'); |
|
65 | } |
65 | } |
|
66 | |
66 | |
|
67 | #### Check if the file exists. |
67 | #### Check if the file exists. |
|
68 | if (!file_exists($userPath)) { |
68 | if (!file_exists($userPath)) { |
|
69 | http_response_code(404); |
69 | http_response_code(404); |
|
70 | die('File not found.'); |
70 | die('File not found.'); |
|
71 | } |
71 | } |
|
72 | |
72 | |
|
73 | ### Check if the timestamp matches. |
73 | ### Check if the timestamp matches. |
|
74 | if (filemtime($userPath) != $_GET['timestamp']) { |
74 | if (filemtime($userPath) != $_GET['timestamp']) { |
|
75 | http_response_code(403); |
75 | http_response_code(403); |
|
76 | die('Forbidden.'); |
76 | die('Forbidden.'); |
|
77 | } |
77 | } |
|
78 | |
78 | |
|
79 | unlink($userPath); |
79 | unlink($userPath); |
|
80 | |
80 | |