scratch – Diff between revs 103 and 104

Rev 103 Rev 104
1 <?php 1 <?php
2   2  
3 ########################################################################### 3 ###########################################################################
4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## 4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
5 ########################################################################### 5 ###########################################################################
6   6  
7 require_once('php/pseudocrypt.php'); 7 require_once('php/pseudocrypt.php');
8 require_once('php/functions.php'); 8 require_once('php/functions.php');
9 require_once('vendor/autoload.php'); 9 require_once('vendor/autoload.php');
10   10  
11 ### Load configuration. 11 ### Load configuration.
12 $config = spyc_load_file('config.yaml'); 12 $config = spyc_load_file('config.yaml');
13   13  
14 ### If no file has been specified for download then return. 14 ### If no file has been specified for download then return.
15 if (!isset($_GET['hash']) or empty($_GET['hash'])) { 15 if (!isset($_GET['hash']) or empty($_GET['hash'])) {
16 http_response_code(404); 16 http_response_code(404);
17 die('File not found.'); 17 die('File not found.');
18 } 18 }
19   19  
20 ### Find the requested file. 20 ### Find the requested file.
21 $file = array_shift( 21 $file = array_shift(
22 preg_grep( 22 preg_grep(
23 "/".$_GET['hash']."/", 23 "/".$_GET['hash']."/",
24 scandir($config['STORE_FOLDER']) 24 scandir($config['STORE_FOLDER'])
25 ) 25 )
26 ); 26 );
27   27  
28 if (!isset($file) or empty($file)) { 28 if (!isset($file) or empty($file)) {
29 http_response_code(404); 29 http_response_code(404);
30 die('File not found.'); 30 die('File not found.');
31 } 31 }
32   32  
33 ### Check the path for path traversals. 33 ### Check the path for path traversals.
34 $fileExtension = pathinfo($file, PATHINFO_EXTENSION); 34 $fileExtension = pathinfo($file, PATHINFO_EXTENSION);
35   35  
36 #### If the extension is not allowed then return. 36 #### If the extension is not allowed then return.
37 if (!isset($fileExtension) || 37 if (!isset($fileExtension) ||
38 !in_array(strtoupper($fileExtension), 38 !in_array(strtoupper($fileExtension),
39 array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { 39 array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) {
40 http_response_code(403); 40 http_response_code(403);
41 die('File extension not allowed.'); 41 die('File extension not allowed.');
42 } 42 }
43   43  
44 #### Build the user path. 44 #### Build the user path.
45 $userPath = join( 45 $userPath = join(
46 DIRECTORY_SEPARATOR, 46 DIRECTORY_SEPARATOR,
47 array( 47 array(
48 $config['STORE_FOLDER'], 48 $config['STORE_FOLDER'],
49 $file 49 $file
50 ) 50 )
51 ); 51 );
52   52  
53 #### Check for path traversals 53 #### Check for path traversals
54 $pathPart = pathinfo($userPath); 54 $pathPart = pathinfo($userPath);
55 if (strcasecmp( 55 if (strcasecmp(
56 realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { 56 realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) {
57 http_response_code(500); 57 http_response_code(500);
58 die('Internal server error.'); 58 die('Internal server error.');
59 } 59 }
60   60  
61 #### Check if the file exists. 61 #### Check if the file exists.
62 if (!file_exists($userPath)) { 62 if (!file_exists($userPath)) {
63 http_response_code(404); 63 http_response_code(404);
64 die('File not found.'); 64 die('File not found.');
65 } 65 }
-   66  
66   67 $CANON_URL = $config['URL_PATH'].$_GET['hash'];
67 $URL = $config['URL_PATH'].'og/'.$_GET['hash']; 68 $GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash'];
68 $VIDEO_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash']; 69 $VIDEO_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash'];
69   70  
70 switch(strtoupper($fileExtension)) { 71 switch(strtoupper($fileExtension)) {
71 case 'GIF': 72 case 'GIF':
72 list($width, $height) = getimagesize($userPath); 73 list($width, $height) = getimagesize($userPath);
73 echo <<<END 74 echo <<<END
74 <html> 75 <html>
75 <head> 76 <head>
76 <meta property="og:site_name" content="Scratch Copy"> 77 <meta property="og:site_name" content="Scratch Copy">
77 <meta property="og:url" content="$URL"> 78 <meta property="og:url" content="$GRAPH_URL">
78 <meta property="og:title" content="Scratch Copy"> 79 <meta property="og:title" content="Scratch Copy">
79 <meta property="og:type" content="video.other"> 80 <meta property="og:type" content="video.other">
80 <meta property="og:image" content="$VIDEO_URL"> 81 <meta property="og:image" content="$CANON_URL">
81 <meta property="og:image:width" content="$width"> 82 <meta property="og:image:width" content="$width">
82 <meta property="og:image:height" content="$height"> 83 <meta property="og:image:height" content="$height">
83 </head> 84 </head>
84   85  
85 <body> 86 <body>
86 <p> 87 <p>
87 <img src="$URL"> 88 <img src="$URL">
88 </p> 89 </p>
89 </body> 90 </body>
90   91  
91 </html> 92 </html>
92 END; 93 END;
93 break; 94 break;
94 case 'MP4': 95 case 'MP4':
95 echo <<<END 96 echo <<<END
96 <html> 97 <html>
97 <head> 98 <head>
98 <!-- These two aren't necessary for embedding. --> 99 <!-- These two aren't necessary for embedding. -->
99 <meta property="og:site_name" content="Scratch Copy"> 100 <meta property="og:site_name" content="Scratch Copy">
100 <meta property="og:title" content="Scratch Copy"> 101 <meta property="og:title" content="Scratch Copy">
101 <meta property="og:type" content="video.other"> 102 <meta property="og:type" content="video.other">
102 <meta property="og:description" content="Scratch Copy"> 103 <meta property="og:description" content="Scratch Copy">
103 <meta property="og:url" content="$URL"> 104 <meta property="og:url" content="$GRAPH_URL">
104 <meta property="og:image" content="https://scratch.grimore.org/img/blueprint.png"> 105 <meta property="og:image" content="https://scratch.grimore.org/img/blueprint.png">
105 <meta property="og:video" content='https://scratch.grimore.org/flowplayer/flowplayer.swf?config={"clip":{"url":"$VIDEO_URL"}}'> 106 <meta property="og:video" content='https://scratch.grimore.org/flowplayer/flowplayer.swf?config={"clip":{"url":"$CANON_URL"}}'>
106 <meta property="og:video:secure_url" content='https://scratch.grimore.org/flowplayer/flowplayer.swf?config={"clip":{"url":"$VIDEO_URL"}}'> 107 <meta property="og:video:secure_url" content='https://scratch.grimore.org/flowplayer/flowplayer.swf?config={"clip":{"url":"$CANON_URL"}}'>
107 <meta property="og:video:type" content="application/x-shockwave-flash"> 108 <meta property="og:video:type" content="application/x-shockwave-flash">
108 <meta property="og:video:height" content="254"> 109 <meta property="og:video:height" content="254">
109 <meta property="og:video:width" content="650"> 110 <meta property="og:video:width" content="650">
110 </head> 111 </head>
111   112  
112 <body> 113 <body>
113 <p> 114 <p>
114 <object width="425" height="300" id="Scratch Copy" name="Scratch Copy" data="https://scratch.grimore.org/flowplayer/flowplayer.swf" type="application/x-shockwave-flash"><param name="movie" value="https://scratch.grimore.org/flowplayer/flowplayer.swf" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":{"url":"$VIDEO_URL"}}' /></object> 115 <object width="425" height="300" id="Scratch Copy" name="Scratch Copy" data="https://scratch.grimore.org/flowplayer/flowplayer.swf" type="application/x-shockwave-flash"><param name="movie" value="https://scratch.grimore.org/flowplayer/flowplayer.swf" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":{"url":"$CANON_URL"}}' /></object>
115 </p> 116 </p>
116 </body> 117 </body>
117   118  
118 </html> 119 </html>
119 END; 120 END;
120 break; 121 break;
121 } 122 }
122   123  
123   124  
124   125  
125   126
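Review bot: `<img src="$URL">` in the GIF heredoc (new line 88) still references `$URL`, which this revision renames to `$GRAPH_URL` on new line 68, so on the new side the variable is undefined and the page renders `<img src="">` with an undefined-variable notice; change it to `<img src="$CANON_URL">` (matching the new og:image on line 81) or `$GRAPH_URL`, whichever the image is meant to load from. Separately, the new `$CANON_URL` and `$GRAPH_URL` (new lines 67–68) embed `$_GET['hash']` verbatim into HTML attributes and into the JSON inside the og:video attributes; the `preg_grep` lookup earlier in the file only requires that some stored filename match the user-supplied pattern, so the echoed value is not constrained to a hash and should be escaped before use, e.g. `$hash = htmlspecialchars($_GET['hash'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and then building the URLs from `$hash`, or better, from the matched `$file` name. The same unescaped interpolation already existed in `$URL` and `$VIDEO_URL` before this commit, so it is worth fixing all three together.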