scratch – Diff between revs 7 and 11

Rev 7 Rev 11
1 <?php 1 <?php
2   2  
3 ########################################################################### 3 ###########################################################################
4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## 4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
5 ########################################################################### 5 ###########################################################################
6   6  
7 require_once('includes/pseudocrypt.php'); 7 require_once('includes/pseudocrypt.php');
8 require_once('includes/functions.php'); 8 require_once('includes/functions.php');
9 require_once('config.php'); 9 require_once('config.php');
10   -  
11 # Upload data can be POST'ed as raw form data or uploaded via <iframe> and -  
12 # <form> using regular multipart/form-data enctype (which is handled by 10  
13 # PHP $_FILES). 11 #### Retrieve uploaded file.
14 if (!empty($_FILES['file']) and 12 if (!empty($_FILES['file']) and
15 is_uploaded_file($_FILES['file']['tmp_name'])) { 13 is_uploaded_file($_FILES['file']['tmp_name'])) {
16 # Regular multipart/form-data upload. 14 # Regular multipart/form-data upload.
17 $name = $_FILES['file']['name']; 15 $name = $_FILES['file']['name'];
18 $data = file_get_contents($_FILES['file']['tmp_name']); 16 $data = file_get_contents($_FILES['file']['tmp_name']);
19 } else { 17 } else {
20 # Raw POST data. 18 # Raw POST data.
21 $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']); 19 $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']);
22 $data = file_get_contents("php://input"); 20 $data = file_get_contents("php://input");
23 } 21 }
24   -  
25 ## Hash filename and check storage in the upload folder. 22  
-   23 $fileExtension = pathinfo($name, PATHINFO_EXTENSION);
-   24  
26 $fileExtension = pathinfo($name, PATHINFO_EXTENSION); 25 #### Check that the file extension is allowed.
-   26 if(!isset($fileExtension) ||
-   27 !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS))
-   28 return;
-   29  
27 if ($fileExtension != '') { 30 #### Hash filename and check storage in the upload folder.
28 $storePath = realpath($STORE_FOLDER); 31 $storePath = realpath($STORE_FOLDER);
29 $file = strtolower( 32 $file = strtolower(
30 PseudoCrypt::hash( 33 PseudoCrypt::hash(
31 preg_replace( 34 preg_replace(
32 '/\D/', 35 '/\D/',
33 '', 36 '',
34 hash( 37 hash(
35 'sha512', 38 'sha512',
36 $name -  
37 ) 39 $name
38 ) -  
39 ). -  
40 '.'. -  
41 $fileExtension -  
42 ); -  
43 $userPath = join( -  
44 DIRECTORY_SEPARATOR, -  
45 array( -  
46 $STORE_FOLDER, -  
47 $file 40 )
48 ) 41 )
-   42 ).
-   43 '.'.
-   44 $fileExtension
-   45 );
-   46 $userPath = join(
-   47 DIRECTORY_SEPARATOR,
-   48 array(
-   49 $STORE_FOLDER,
-   50 $file
-   51 )
-   52 );
-   53  
49 ); 54 #### Check for path traversals.
50 $pathPart = pathinfo($userPath); 55 $pathPart = pathinfo($userPath);
51 if (realpath($pathPart['dirname']) == $storePath) { 56 if (realpath($pathPart['dirname']) == $storePath) {
52 atomized_put_contents($userPath, $data); 57 atomized_put_contents($userPath, $data);
53 $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file); -  
54 } 58 $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file);
55 } 59 }
56   60  
57 # Return the URL to the file. 61 ### Return the URL to the file.
58 header('Content-Type: text/plain; charset=utf-8'); 62 header('Content-Type: text/plain; charset=utf-8');
59 echo $output; 63 echo $output;
60   64
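Review bot: The new extension guard at new lines 26–28 bails out with a bare `return;`, which ends the script before the `Content-Type` header and `echo $output` on new lines 62–63 run, so a rejected upload is answered with an empty 200 response that the uploading client cannot tell apart from success; an explicit error status is needed. The `isset($fileExtension)` half of the condition is also always true, since `pathinfo(..., PATHINFO_EXTENSION)` returns a string (`''` when there is no extension), so the check rev 7 made with `$fileExtension != ''` is now only reached indirectly through `in_array`, and that `in_array` is non-strict. I would replace the three lines with `if ($fileExtension === '' || !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS, true)) { http_response_code(415); exit; }`. Note that comparing `strtoupper($fileExtension)` only works if the `$ALLOWED_FILE_EXTENSIONS` entries in config.php are stored upper-case, which this diff does not show; a one-line comment stating that requirement next to the check, `# $ALLOWED_FILE_EXTENSIONS entries must be upper-case.`, would save the next maintainer a surprise.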