scratch – Diff between revs 115 and 123
?pathlinks?
Rev 115 | Rev 123 | |||
---|---|---|---|---|
1 | <?php |
1 | <?php |
|
2 | |
2 | |
|
3 | ########################################################################### |
3 | ########################################################################### |
|
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
5 | ########################################################################### |
5 | ########################################################################### |
|
6 | |
6 | |
|
7 | require_once('php/pseudocrypt.php'); |
7 | require_once('php/pseudocrypt.php'); |
|
8 | require_once('php/functions.php'); |
8 | require_once('php/functions.php'); |
|
9 | require_once('vendor/autoload.php'); |
9 | require_once('vendor/autoload.php'); |
|
- | 10 | |
||
- | 11 | ### FFMpeg |
||
10 | require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php'); |
12 | require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php'); |
|
- | 13 | |
||
- | 14 | ### Aura URI |
||
- | 15 | require_once('vendor/aura/uri/src/Aura/Uri/PublicSuffixList.php'); |
||
- | 16 | require_once('vendor/aura/uri/src/Aura/Uri/Url/Factory.php'); |
||
- | 17 | require_once('vendor/aura/uri/src/Aura/Uri/Query.php'); |
||
- | 18 | require_once('vendor/aura/uri/src/Aura/Uri/Host.php'); |
||
- | 19 | require_once('vendor/aura/uri/src/Aura/Uri/Url.php'); |
||
- | 20 | require_once('vendor/aura/uri/src/Aura/Uri/Path.php'); |
||
- | 21 | use Aura\Uri\Url\Factory as UrlFactory; |
||
- | 22 | use Aura\Uri\PublicSuffixList; |
||
11 | |
23 | |
|
12 | ### Load configuration. |
24 | ### Load configuration. |
|
13 | $config = spyc_load_file('config.yaml'); |
25 | $config = spyc_load_file('config.yaml'); |
|
14 | |
26 | |
|
15 | ### If no file has been specified for download then return. |
27 | ### If no file has been specified for download then return. |
|
16 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
28 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
|
17 | http_response_code(404); |
29 | http_response_code(404); |
|
18 | die('File not found.'); |
30 | die('File not found.'); |
|
19 | } |
31 | } |
|
20 | |
32 | |
|
21 | ### Find the requested file. |
33 | ### Find the requested file. |
|
22 | $file = array_shift( |
34 | $file = array_shift( |
|
23 | preg_grep( |
35 | preg_grep( |
|
24 | "/".$_GET['hash']."/", |
36 | "/".$_GET['hash']."/", |
|
25 | scandir($config['STORE_FOLDER']) |
37 | scandir($config['STORE_FOLDER']) |
|
26 | ) |
38 | ) |
|
27 | ); |
39 | ); |
|
28 | |
40 | |
|
29 | if (!isset($file) or empty($file)) { |
41 | if (!isset($file) or empty($file)) { |
|
30 | http_response_code(404); |
42 | http_response_code(404); |
|
31 | die('File not found.'); |
43 | die('File not found.'); |
|
32 | } |
44 | } |
|
33 | |
45 | |
|
34 | ### Check the path for path traversals. |
46 | ### Check the path for path traversals. |
|
35 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
47 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
|
36 | |
48 | |
|
37 | #### If the extension is not allowed then return. |
49 | #### If the extension is not allowed then return. |
|
38 | if (!isset($fileExtension) || |
50 | if (!isset($fileExtension) || |
|
39 | !in_array(strtoupper($fileExtension), |
51 | !in_array(strtoupper($fileExtension), |
|
40 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
52 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
|
41 | http_response_code(403); |
53 | http_response_code(403); |
|
42 | die('File extension not allowed.'); |
54 | die('File extension not allowed.'); |
|
43 | } |
55 | } |
|
44 | |
56 | |
|
45 | #### Build the user path. |
57 | #### Build the user path. |
|
46 | $userPath = join( |
58 | $userPath = join( |
|
47 | DIRECTORY_SEPARATOR, |
59 | DIRECTORY_SEPARATOR, |
|
48 | array( |
60 | array( |
|
49 | $config['STORE_FOLDER'], |
61 | $config['STORE_FOLDER'], |
|
50 | $file |
62 | $file |
|
51 | ) |
63 | ) |
|
52 | ); |
64 | ); |
|
53 | |
65 | |
|
54 | #### Check for path traversals |
66 | #### Check for path traversals |
|
55 | $pathPart = pathinfo($userPath); |
67 | $pathPart = pathinfo($userPath); |
|
56 | if (strcasecmp( |
68 | if (strcasecmp( |
|
57 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
69 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
58 | http_response_code(500); |
70 | http_response_code(500); |
|
59 | die('Internal server error.'); |
71 | die('Internal server error.'); |
|
60 | } |
72 | } |
|
61 | |
73 | |
|
62 | #### Check if the file exists. |
74 | #### Check if the file exists. |
|
63 | if (!file_exists($userPath)) { |
75 | if (!file_exists($userPath)) { |
|
64 | http_response_code(404); |
76 | http_response_code(404); |
|
65 | die('File not found.'); |
77 | die('File not found.'); |
|
66 | } |
78 | } |
|
- | 79 | |
||
- | 80 | ### Extract the server path. |
||
- | 81 | $URLFactory = new UrlFactory( |
||
- | 82 | $_SERVER, |
||
- | 83 | new PublicSuffixList(require 'vendor/aura/uri/data/public-suffix-list.php') |
||
- | 84 | ); |
||
- | 85 | $URL = $URLFactory->newCurrent(); |
||
- | 86 | |
||
- | 87 | ### HTTPs has to be enforced for opengraph sharing. |
||
- | 88 | if(strtoupper($URL->scheme) != 'HTTPS') |
||
- | 89 | $URL->setScheme('https'); |
||
- | 90 | |
||
- | 91 | $URL_PATH = array_shift( |
||
- | 92 | explode( |
||
- | 93 | 'og/'.$_GET['hash'], |
||
- | 94 | $URL->getFull() |
||
- | 95 | ) |
||
- | 96 | ); |
||
67 | |
97 | |
|
68 | $GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash']; |
98 | $GRAPH_URL = $URL_PATH.'og/'.$_GET['hash']; |
|
69 | $CANON_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash']; |
99 | $CANON_URL = $URL_PATH.'file.php?hash='.$_GET['hash']; |
|
70 | $BASIC_URL = $config['URL_PATH'].$_GET['hash']; |
100 | $BASIC_URL = $URL_PATH.$_GET['hash']; |
|
71 | |
101 | |
|
72 | switch(strtoupper($fileExtension)) { |
102 | switch(strtoupper($fileExtension)) { |
|
73 | case 'GIF': |
103 | case 'GIF': |
|
74 | list($width, $height) = getimagesize($userPath); |
104 | list($width, $height) = getimagesize($userPath); |
|
75 | echo <<<END |
105 | echo <<<END |
|
76 | <html> |
106 | <html> |
|
77 | <head> |
107 | <head> |
|
78 | <meta property="og:site_name" content="Scratch Copy"> |
108 | <meta property="og:site_name" content="Scratch Copy"> |
|
79 | <meta property="og:url" content="$BASIC_URL"> |
109 | <meta property="og:url" content="$BASIC_URL"> |
|
80 | <meta property="og:title" content="Scratch Copy"> |
110 | <meta property="og:title" content="Scratch Copy"> |
|
81 | <meta property="og:type" content="video.other"> |
111 | <meta property="og:type" content="video.other"> |
|
82 | <meta property="og:image" content="$BASIC_URL"> |
112 | <meta property="og:image" content="$BASIC_URL"> |
|
83 | <meta property="og:image:width" content="$width"> |
113 | <meta property="og:image:width" content="$width"> |
|
84 | <meta property="og:image:height" content="$height"> |
114 | <meta property="og:image:height" content="$height"> |
|
85 | </head> |
115 | </head> |
|
86 | |
116 | |
|
87 | <body> |
117 | <body> |
|
88 | <p> |
118 | <p> |
|
89 | <img src="$BASIC_URL"> |
119 | <img src="$BASIC_URL"> |
|
90 | </p> |
120 | </p> |
|
91 | </body> |
121 | </body> |
|
92 | |
122 | |
|
93 | </html> |
123 | </html> |
|
94 | END; |
124 | END; |
|
95 | break; |
125 | break; |
|
96 | case 'MP4': |
126 | case 'MP4': |
|
97 | ### Create a thumbnail for the video. |
127 | ### Create a thumbnail for the video. |
|
98 | $file = strtolower( |
128 | $file = strtolower( |
|
99 | PseudoCrypt::hash( |
129 | PseudoCrypt::hash( |
|
100 | preg_replace( |
130 | preg_replace( |
|
101 | '/\D/', |
131 | '/\D/', |
|
102 | '', |
132 | '', |
|
103 | hash( |
133 | hash( |
|
104 | 'sha512', |
134 | 'sha512', |
|
105 | $_GET['hash'] |
135 | $_GET['hash'] |
|
106 | ) |
136 | ) |
|
107 | ), |
137 | ), |
|
108 | $config['ASSET_HASH_SIZE'] |
138 | $config['ASSET_HASH_SIZE'] |
|
109 | ) |
139 | ) |
|
110 | ); |
140 | ); |
|
111 | |
141 | |
|
112 | #### Build the user path. |
142 | #### Build the user path. |
|
113 | $userPath = join( |
143 | $userPath = join( |
|
114 | DIRECTORY_SEPARATOR, |
144 | DIRECTORY_SEPARATOR, |
|
115 | array( |
145 | array( |
|
116 | $config['STORE_FOLDER'], |
146 | $config['STORE_FOLDER'], |
|
117 | $file |
147 | $file |
|
118 | ) |
148 | ) |
|
119 | ); |
149 | ); |
|
120 | |
150 | |
|
121 | ### Do not re-create the thumbnail if it already exists. |
151 | ### Do not re-create the thumbnail if it already exists. |
|
122 | if(!file_exists($userPath.'.'.'jpg')) { |
152 | if(!file_exists($userPath.'.'.'jpg')) { |
|
123 | ### Extract thumbnail. |
153 | ### Extract thumbnail. |
|
124 | $ffmpeg = FFMpeg\FFMpeg::create(); |
154 | $ffmpeg = FFMpeg\FFMpeg::create(); |
|
125 | $video = $ffmpeg->open($CANON_URL); |
155 | $video = $ffmpeg->open($CANON_URL); |
|
126 | $frame = $video->frame( |
156 | $frame = $video->frame( |
|
127 | FFMpeg\Coordinate\TimeCode::fromSeconds( |
157 | FFMpeg\Coordinate\TimeCode::fromSeconds( |
|
128 | $config['VIDEO_PREVIEW_IMAGE_FRAME_SECOND'] |
158 | $config['VIDEO_PREVIEW_IMAGE_FRAME_SECOND'] |
|
129 | ) |
159 | ) |
|
130 | ); |
160 | ); |
|
131 | $frame->save($userPath.'.'.'jpg'); |
161 | $frame->save($userPath.'.'.'jpg'); |
|
132 | } |
162 | } |
|
133 | |
163 | |
|
134 | ### Get preview image size. |
164 | ### Get preview image size. |
|
135 | list($imageWidth, $imageHeight) = getimagesize($userPath.'.'.'jpg'); |
165 | list($imageWidth, $imageHeight) = getimagesize($userPath.'.'.'jpg'); |
|
136 | |
166 | |
|
137 | ### Probe video for width and height. |
167 | ### Probe video for width and height. |
|
138 | $ffprobe = FFMpeg\FFProbe::create(); |
168 | $ffprobe = FFMpeg\FFProbe::create(); |
|
139 | $dimension = $ffprobe |
169 | $dimension = $ffprobe |
|
140 | ->streams($CANON_URL) |
170 | ->streams($CANON_URL) |
|
141 | ->videos() |
171 | ->videos() |
|
142 | ->first() |
172 | ->first() |
|
143 | ->getDimensions(); |
173 | ->getDimensions(); |
|
144 | |
174 | |
|
145 | $videoWidth = $dimension->getWidth(); |
175 | $videoWidth = $dimension->getWidth(); |
|
146 | $videoHeight = $dimension->getHeight(); |
176 | $videoHeight = $dimension->getHeight(); |
|
147 | |
177 | |
|
148 | ### Build paths. |
178 | ### Build paths. |
|
149 | $PREVIEW_IMAGE_URL = $config['URL_PATH'].$file; |
179 | $PREVIEW_IMAGE_URL = $URL_PATH.$file; |
|
150 | $FLOW_PLAYER_VIDEO_URL = $config['URL_PATH'].'flowplayer/flowplayer.swf?config={"clip":"'.$BASIC_URL.'"}'; |
180 | $FLOW_PLAYER_VIDEO_URL = $URL_PATH.'flowplayer/flowplayer.swf?config={"clip":"'.$BASIC_URL.'"}'; |
|
151 | $FLOW_PLAYER = $config['URL_PATH'].'flowplayer/flowplayer.swf'; |
181 | $FLOW_PLAYER = $URL_PATH.'flowplayer/flowplayer.swf'; |
|
152 | |
182 | |
|
153 | echo <<<END |
183 | echo <<<END |
|
154 | <html> |
184 | <html> |
|
155 | <head> |
185 | <head> |
|
156 | <meta property="og:type" content="video.other"> |
186 | <meta property="og:type" content="video.other"> |
|
157 | <meta property="og:title" content="Scratch Copy"> |
187 | <meta property="og:title" content="Scratch Copy"> |
|
158 | <meta property="og:site_name" content="Scratch Copy"> |
188 | <meta property="og:site_name" content="Scratch Copy"> |
|
159 | |
189 | |
|
160 | <meta property="og:url" content="$GRAPH_URL"> |
190 | <meta property="og:url" content="$GRAPH_URL"> |
|
161 | |
191 | |
|
162 | <meta property="og:image" content="$PREVIEW_IMAGE_URL"> |
192 | <meta property="og:image" content="$PREVIEW_IMAGE_URL"> |
|
163 | <meta property="og:video" content='$FLOW_PLAYER_VIDEO_URL'> |
193 | <meta property="og:video" content='$FLOW_PLAYER_VIDEO_URL'> |
|
164 | <meta property="og:video:secure_url" content='$FLOW_PLAYER_VIDEO_URL'> |
194 | <meta property="og:video:secure_url" content='$FLOW_PLAYER_VIDEO_URL'> |
|
165 | <meta property="og:video:type" content="application/x-shockwave-flash"> |
195 | <meta property="og:video:type" content="application/x-shockwave-flash"> |
|
166 | <meta property="og:video:width" content="$videoWidth"> |
196 | <meta property="og:video:width" content="$videoWidth"> |
|
167 | <meta property="og:video:height" content="$videoHeight"> |
197 | <meta property="og:video:height" content="$videoHeight"> |
|
168 | |
198 | |
|
169 | <meta property="og:image:width" content="$imageWidth"> |
199 | <meta property="og:image:width" content="$imageWidth"> |
|
170 | <meta property="og:image:height" content="$imageHeight"> |
200 | <meta property="og:image:height" content="$imageHeight"> |
|
171 | </head> |
201 | </head> |
|
172 | |
202 | |
|
173 | <body> |
203 | <body> |
|
174 | <p> |
204 | <p> |
|
175 | <object width="$videoWidth" height="$videoHeight" id="Scratch Copy" name="Scratch Copy" data="$FLOW_PLAYER" type="application/x-shockwave-flash"><param name="movie" value="$FLOW_PLAYER" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object> |
205 | <object width="$videoWidth" height="$videoHeight" id="Scratch Copy" name="Scratch Copy" data="$FLOW_PLAYER" type="application/x-shockwave-flash"><param name="movie" value="$FLOW_PLAYER" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object> |
|
176 | </p> |
206 | </p> |
|
177 | </body> |
207 | </body> |
|
178 | |
208 | |
|
179 | </html> |
209 | </html> |
|
180 | END; |
210 | END; |
|
181 | break; |
211 | break; |
|
182 | } |
212 | } |
|
183 | |
213 | |
|
184 | |
214 | |
|
185 | |
215 | |
|
186 | |
216 | |