scratch – Diff between revs 108 and 110
1 | <?php |
1 | <?php |
|
2 | |
2 | |
|
3 | ########################################################################### |
3 | ########################################################################### |
|
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
5 | ########################################################################### |
5 | ########################################################################### |
|
6 | |
6 | |
|
7 | require_once('php/pseudocrypt.php'); |
7 | require_once('php/pseudocrypt.php'); |
|
8 | require_once('php/functions.php'); |
8 | require_once('php/functions.php'); |
|
9 | require_once('vendor/autoload.php'); |
9 | require_once('vendor/autoload.php'); |
|
- | 10 | require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php'); |
||
10 | |
11 | |
|
11 | ### Load configuration. |
12 | ### Load configuration. |
|
12 | $config = spyc_load_file('config.yaml'); |
13 | $config = spyc_load_file('config.yaml'); |
|
13 | |
14 | |
|
14 | ### If no file has been specified for download then return. |
15 | ### If no file has been specified for download then return. |
|
15 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
16 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
|
16 | http_response_code(404); |
17 | http_response_code(404); |
|
17 | die('File not found.'); |
18 | die('File not found.'); |
|
18 | } |
19 | } |
|
19 | |
20 | |
|
20 | ### Find the requested file. |
21 | ### Find the requested file. |
|
21 | $file = array_shift( |
22 | $file = array_shift( |
|
22 | preg_grep( |
23 | preg_grep( |
|
23 | "/".$_GET['hash']."/", |
24 | "/".$_GET['hash']."/", |
|
24 | scandir($config['STORE_FOLDER']) |
25 | scandir($config['STORE_FOLDER']) |
|
25 | ) |
26 | ) |
|
26 | ); |
27 | ); |
|
27 | |
28 | |
|
28 | if (!isset($file) or empty($file)) { |
29 | if (!isset($file) or empty($file)) { |
|
29 | http_response_code(404); |
30 | http_response_code(404); |
|
30 | die('File not found.'); |
31 | die('File not found.'); |
|
31 | } |
32 | } |
|
32 | |
33 | |
|
33 | ### Check the path for path traversals. |
34 | ### Check the path for path traversals. |
|
34 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
35 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
|
35 | |
36 | |
|
36 | #### If the extension is not allowed then return. |
37 | #### If the extension is not allowed then return. |
|
37 | if (!isset($fileExtension) || |
38 | if (!isset($fileExtension) || |
|
38 | !in_array(strtoupper($fileExtension), |
39 | !in_array(strtoupper($fileExtension), |
|
39 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
40 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
|
40 | http_response_code(403); |
41 | http_response_code(403); |
|
41 | die('File extension not allowed.'); |
42 | die('File extension not allowed.'); |
|
42 | } |
43 | } |
|
43 | |
44 | |
|
44 | #### Build the user path. |
45 | #### Build the user path. |
|
45 | $userPath = join( |
46 | $userPath = join( |
|
46 | DIRECTORY_SEPARATOR, |
47 | DIRECTORY_SEPARATOR, |
|
47 | array( |
48 | array( |
|
48 | $config['STORE_FOLDER'], |
49 | $config['STORE_FOLDER'], |
|
49 | $file |
50 | $file |
|
50 | ) |
51 | ) |
|
51 | ); |
52 | ); |
|
52 | |
53 | |
|
53 | #### Check for path traversals |
54 | #### Check for path traversals |
|
54 | $pathPart = pathinfo($userPath); |
55 | $pathPart = pathinfo($userPath); |
|
55 | if (strcasecmp( |
56 | if (strcasecmp( |
|
56 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
57 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
57 | http_response_code(500); |
58 | http_response_code(500); |
|
58 | die('Internal server error.'); |
59 | die('Internal server error.'); |
|
59 | } |
60 | } |
|
60 | |
61 | |
|
61 | #### Check if the file exists. |
62 | #### Check if the file exists. |
|
62 | if (!file_exists($userPath)) { |
63 | if (!file_exists($userPath)) { |
|
63 | http_response_code(404); |
64 | http_response_code(404); |
|
64 | die('File not found.'); |
65 | die('File not found.'); |
|
65 | } |
66 | } |
|
66 | |
67 | |
|
67 | $GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash']; |
68 | $GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash']; |
|
68 | $CANON_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash']; |
69 | $CANON_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash']; |
|
69 | $URL = $config['URL_PATH'].$_GET['hash']; |
70 | $BASIC_URL = $config['URL_PATH'].$_GET['hash']; |
|
70 | |
71 | |
|
71 | switch(strtoupper($fileExtension)) { |
72 | switch(strtoupper($fileExtension)) { |
|
72 | case 'GIF': |
73 | case 'GIF': |
|
73 | list($width, $height) = getimagesize($userPath); |
74 | list($width, $height) = getimagesize($userPath); |
|
74 | echo <<<END |
75 | echo <<<END |
|
75 | <html> |
76 | <html> |
|
76 | <head> |
77 | <head> |
|
77 | <meta property="og:site_name" content="Scratch Copy"> |
78 | <meta property="og:site_name" content="Scratch Copy"> |
|
78 | <meta property="og:url" content="$URL"> |
79 | <meta property="og:url" content="$BASIC_URL"> |
|
79 | <meta property="og:title" content="Scratch Copy"> |
80 | <meta property="og:title" content="Scratch Copy"> |
|
80 | <meta property="og:type" content="video.other"> |
81 | <meta property="og:type" content="video.other"> |
|
81 | <meta property="og:image" content="$URL"> |
82 | <meta property="og:image" content="$BASIC_URL"> |
|
82 | <meta property="og:image:width" content="$width"> |
83 | <meta property="og:image:width" content="$width"> |
|
83 | <meta property="og:image:height" content="$height"> |
84 | <meta property="og:image:height" content="$height"> |
|
84 | </head> |
85 | </head> |
|
85 | |
86 | |
|
86 | <body> |
87 | <body> |
|
87 | <p> |
88 | <p> |
|
88 | <img src="$URL"> |
89 | <img src="$URL"> |
|
89 | </p> |
90 | </p> |
|
90 | </body> |
91 | </body> |
|
91 | |
92 | |
|
92 | </html> |
93 | </html> |
|
93 | END; |
94 | END; |
|
94 | break; |
95 | break; |
|
95 | case 'MP4': |
96 | case 'MP4': |
|
- | 97 | ### Create a thumbnail for the video. |
||
- | 98 | $file = strtolower( |
||
- | 99 | PseudoCrypt::hash( |
||
- | 100 | preg_replace( |
||
- | 101 | '/\D/', |
||
- | 102 | '', |
||
- | 103 | hash( |
||
- | 104 | 'sha512', |
||
- | 105 | $_GET['hash'] |
||
- | 106 | ) |
||
- | 107 | ), |
||
- | 108 | $config['ASSET_HASH_SIZE'] |
||
- | 109 | ) |
||
- | 110 | ); |
||
- | 111 | |
||
- | 112 | #### Build the user path. |
||
- | 113 | $userPath = join( |
||
- | 114 | DIRECTORY_SEPARATOR, |
||
- | 115 | array( |
||
- | 116 | $config['STORE_FOLDER'], |
||
- | 117 | $file |
||
- | 118 | ) |
||
- | 119 | ); |
||
- | 120 | |
||
- | 121 | ### Extract thumbnail. |
||
- | 122 | $ffmpeg = FFMpeg\FFMpeg::create(); |
||
- | 123 | $video = $ffmpeg->open($CANON_URL); |
||
- | 124 | $frame = $video->frame(FFMpeg\Coordinate\TimeCode::fromSeconds(42)); |
||
- | 125 | $frame->save($userPath.'.'.'jpg'); |
||
96 | echo <<<END |
126 | echo <<<END |
|
97 | <html> |
127 | <html> |
|
98 | <head> |
128 | <head> |
|
99 | <meta property="og:type" content="video.other"> |
129 | <meta property="og:type" content="video.other"> |
|
100 | <meta property="og:title" content="Scratch Copy"> |
130 | <meta property="og:title" content="Scratch Copy"> |
|
101 | <meta property="og:site_name" content="Scratch Copy"> |
131 | <meta property="og:site_name" content="Scratch Copy"> |
|
102 | |
132 | |
|
103 | <meta property="og:url" content="$GRAPH_URL"> |
133 | <meta property="og:url" content="$GRAPH_URL"> |
|
104 | |
134 | |
|
105 | <meta property="og:image" content="https://cpy.ro/img/blueprint.png"> |
135 | <meta property="og:image" content="https://cpy.ro/$file"> |
|
106 | <meta property="og:video" content='http://cpy.ro/flowplayer/flowplayer.swf?config={"clip":"$URL"}'> |
136 | <meta property="og:video" content='http://cpy.ro/flowplayer/flowplayer.swf?config={"clip":"$BASIC_URL"}'> |
|
107 | <meta property="og:video:secure_url" content='https://cpy.ro/flowplayer/flowplayer.swf?config={"clip":"$URL"}'> |
137 | <meta property="og:video:secure_url" content='https://cpy.ro/flowplayer/flowplayer.swf?config={"clip":"$BASIC_URL"}'> |
|
108 | <meta property="og:video:type" content="application/x-shockwave-flash"> |
138 | <meta property="og:video:type" content="application/x-shockwave-flash"> |
|
109 | <meta property="og:video:width" content="425"> |
139 | <meta property="og:video:width" content="425"> |
|
110 | <meta property="og:video:height" content="300"> |
140 | <meta property="og:video:height" content="300"> |
|
111 | </head> |
141 | </head> |
|
112 | |
142 | |
|
113 | <body> |
143 | <body> |
|
114 | <p> |
144 | <p> |
|
115 | <object width="425" height="300" id="Scratch Copy" name="Scratch Copy" data="https://cpy.ro/flowplayer/flowplayer.swf" type="application/x-shockwave-flash"><param name="movie" value="https://cpy.ro/flowplayer/flowplayer.swf" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$URL"}' /></object> |
145 | <object width="425" height="300" id="Scratch Copy" name="Scratch Copy" data="https://cpy.ro/flowplayer/flowplayer.swf" type="application/x-shockwave-flash"><param name="movie" value="https://cpy.ro/flowplayer/flowplayer.swf" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object> |
|
116 | </p> |
146 | </p> |
|
117 | </body> |
147 | </body> |
|
118 | |
148 | |
|
119 | </html> |
149 | </html> |
|
120 | END; |
150 | END; |
|
121 | break; |
151 | break; |
|
122 | } |
152 | } |
|
123 | |
153 | |
|
124 | |
154 | |
|
125 | |
155 | |
|
126 | |
156 | |
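Review bot: The MP4 branch (new lines 97–125) runs ffmpeg on every request, because nothing checks whether the thumbnail at `$userPath.'.'.'jpg'` already exists, and it opens the video over HTTP via `$CANON_URL` even though the validated local file is at hand — the reassignment of `$userPath` on new line 113 discards that local path. Keep the local path in its own variable, guard the extraction with `file_exists`, and open the local file; the rewritten case body follows in the fence. If the clip is shorter than 42 s, `frame()`/`save()` will presumably throw and the request ends in an uncaught exception rather than a controlled response, so consider a try/catch that falls back to the previous placeholder image. Separately, new line 135 hard-codes `https://cpy.ro/` where the rest of the file builds URLs from `$config['URL_PATH']`, and the saved file is named `$file.jpg` while the og:image URL carries no extension — presumably a rewrite maps the hash to the file, but verify. The added `require_once` on new line 10 is redundant with `vendor/autoload.php` on line 9 and pins a vendor-internal path; it can be dropped.
```php
case 'MP4':
    ### Create a thumbnail for the video, once, from the local file.
    $videoPath = $userPath;
    $file = strtolower(
        PseudoCrypt::hash(
            preg_replace('/\D/', '', hash('sha512', $_GET['hash'])),
            $config['ASSET_HASH_SIZE']
        )
    );
    $thumbPath = join(DIRECTORY_SEPARATOR, array($config['STORE_FOLDER'], $file)).'.jpg';
    if (!file_exists($thumbPath)) {
        $ffmpeg = FFMpeg\FFMpeg::create();
        $video = $ffmpeg->open($videoPath);
        $frame = $video->frame(FFMpeg\Coordinate\TimeCode::fromSeconds(42));
        $frame->save($thumbPath);
    }
    // … unchanged: heredoc with the Open Graph markup …
```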