scratch – Diff between revs 94 and 96
?pathlinks?
Rev 94 | Rev 96 | |||
---|---|---|---|---|
1 | <?php |
1 | <?php |
|
2 | |
2 | |
|
3 | ########################################################################### |
3 | ########################################################################### |
|
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
5 | ########################################################################### |
5 | ########################################################################### |
|
6 | |
6 | |
|
7 | require_once('php/pseudocrypt.php'); |
7 | require_once('php/pseudocrypt.php'); |
|
8 | require_once('php/functions.php'); |
8 | require_once('php/functions.php'); |
|
9 | require_once('vendor/autoload.php'); |
9 | require_once('vendor/autoload.php'); |
|
10 | |
10 | |
|
11 | ### Load configuration. |
11 | ### Load configuration. |
|
12 | $config = spyc_load_file('config.yaml'); |
12 | $config = spyc_load_file('config.yaml'); |
|
13 | |
13 | |
|
14 | #### Script restrictions. |
14 | #### Script restrictions. |
|
15 | if( |
- | ||
16 | ( |
- | ||
17 | !isset($_SERVER['HTTP_X_REQUESTED_WITH']) or |
- | ||
18 | empty($_SERVER['HTTP_X_REQUESTED_WITH']) or |
- | ||
19 | strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' |
- | ||
20 | ) |
- | ||
21 | or |
- | ||
22 | ( |
- | ||
23 | ( |
- | ||
24 | !isset($_SERVER['HTTP_REFERER']) or |
- | ||
25 | empty($_SERVER['HTTP_REFERER']) |
- | ||
26 | ) |
- | ||
27 | and |
15 | session_start(); |
|
28 | ( |
- | ||
29 | #strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or |
16 | if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { |
|
30 | strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') |
- | ||
31 | ) |
- | ||
32 | ) |
- | ||
33 | ) |
- | ||
34 | { |
- | ||
35 | http_response_code(403); |
17 | http_response_code(403); |
|
36 | die('Forbidden.'); |
18 | die('Forbidden.'); |
|
37 | } |
19 | } |
|
38 | |
20 | |
|
39 | #### Check if the fingerprint and action are set parameters. |
21 | #### Check if the fingerprint and action are set parameters. |
|
40 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
22 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
|
41 | !preg_match('/^[A-Za-z0-9]{32}$/', $_POST['fingerprint']) or |
23 | !preg_match('/^[A-Za-z0-9]{32}$/', $_POST['fingerprint']) or |
|
42 | !isset($_POST['action']) or empty($_POST['action'])) { |
24 | !isset($_POST['action']) or empty($_POST['action'])) { |
|
43 | http_response_code(500); |
25 | http_response_code(500); |
|
44 | die('Internal server error.'); |
26 | die('Internal server error.'); |
|
45 | } |
27 | } |
|
46 | |
28 | |
|
47 | #### Check fingerprint consistency. |
29 | #### Check fingerprint consistency. |
|
48 | $fingerprint = strtoupper($_POST['fingerprint']); |
30 | $fingerprint = strtoupper($_POST['fingerprint']); |
|
49 | if(strlen($fingerprint) !== 32) { |
31 | if(strlen($fingerprint) !== 32) { |
|
50 | http_response_code(500); |
32 | http_response_code(500); |
|
51 | die('Internal server error.'); |
33 | die('Internal server error.'); |
|
52 | } |
34 | } |
|
53 | |
35 | |
|
54 | $action = strtoupper($_POST['action']); |
36 | $action = strtoupper($_POST['action']); |
|
55 | |
37 | |
|
56 | #### Data must be sent in order to save a file. |
38 | #### Data must be sent in order to save a file. |
|
57 | if($action === 'SAVE' and !isset($_POST['data'])) { |
39 | if($action === 'SAVE' and !isset($_POST['data'])) { |
|
58 | http_response_code(500); |
40 | http_response_code(500); |
|
59 | die('Internal server error.'); |
41 | die('Internal server error.'); |
|
60 | } |
42 | } |
|
61 | |
43 | |
|
62 | #### Hash fingerprint. |
44 | #### Hash fingerprint. |
|
63 | $file = strtolower( |
45 | $file = strtolower( |
|
64 | PseudoCrypt::hash( |
46 | PseudoCrypt::hash( |
|
65 | preg_replace( |
47 | preg_replace( |
|
66 | '/\D/', |
48 | '/\D/', |
|
67 | '', |
49 | '', |
|
68 | hash( |
50 | hash( |
|
69 | 'sha512', |
51 | 'sha512', |
|
70 | $fingerprint |
52 | $fingerprint |
|
71 | ) |
53 | ) |
|
72 | ), |
54 | ), |
|
73 | $config['ASSET_HASH_SIZE'] |
55 | $config['ASSET_HASH_SIZE'] |
|
74 | ) |
56 | ) |
|
75 | ); |
57 | ); |
|
76 | |
58 | |
|
77 | #### Build the user path. |
59 | #### Build the user path. |
|
78 | $userPath = join( |
60 | $userPath = join( |
|
79 | DIRECTORY_SEPARATOR, |
61 | DIRECTORY_SEPARATOR, |
|
80 | array( |
62 | array( |
|
81 | $config['STORE_FOLDER'], |
63 | $config['STORE_FOLDER'], |
|
82 | $file |
64 | $file |
|
83 | ) |
65 | ) |
|
84 | ); |
66 | ); |
|
85 | |
67 | |
|
86 | #### Check for path traversals |
68 | #### Check for path traversals |
|
87 | $pathPart = pathinfo($userPath.'.html'); |
69 | $pathPart = pathinfo($userPath.'.html'); |
|
88 | if (strcasecmp( |
70 | if (strcasecmp( |
|
89 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
71 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
90 | http_response_code(500); |
72 | http_response_code(500); |
|
91 | die('Internal server error.'); |
73 | die('Internal server error.'); |
|
92 | } |
74 | } |
|
93 | |
75 | |
|
94 | switch($action) { |
76 | switch($action) { |
|
95 | case 'SAVE': |
77 | case 'SAVE': |
|
96 | #### Store the file. |
78 | #### Store the file. |
|
97 | atomized_put_contents($userPath.'.html', $_POST['data']); |
79 | atomized_put_contents($userPath.'.html', $_POST['data']); |
|
98 | break; |
80 | break; |
|
99 | case 'LOAD': |
81 | case 'LOAD': |
|
100 | if(!file_exists($userPath.'.html')) { |
82 | if(!file_exists($userPath.'.html')) { |
|
101 | ### If the file does not exist, present an empty file instead of 404. |
83 | ### If the file does not exist, present an empty file instead of 404. |
|
102 | echo ''; |
84 | echo ''; |
|
103 | return; |
85 | return; |
|
104 | } |
86 | } |
|
105 | ### Set no-cache |
87 | ### Set no-cache |
|
106 | header('Content-Type: text/html; charset=utf-8'); |
88 | header('Content-Type: text/html; charset=utf-8'); |
|
107 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
89 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
|
108 | header('Pragma: no-cache'); |
90 | header('Pragma: no-cache'); |
|
109 | header('Expires: 0'); |
91 | header('Expires: 0'); |
|
110 | ### Open MIME info database and send the content type. |
92 | ### Open MIME info database and send the content type. |
|
111 | header('Content-type: text/html'); |
93 | header('Content-type: text/html'); |
|
112 | ### Send the file along with the inline content disposition. |
94 | ### Send the file along with the inline content disposition. |
|
113 | header('Content-length: '.(int)get_file_size($userPath.'.html')); |
95 | header('Content-length: '.(int)get_file_size($userPath.'.html')); |
|
114 | header('Content-Disposition: inline; filename="' . basename($userPath.'.html') . '"'); |
96 | header('Content-Disposition: inline; filename="' . basename($userPath.'.html') . '"'); |
|
115 | header('X-Sendfile: '.$userPath.'.html'); |
97 | header('X-Sendfile: '.$userPath.'.html'); |
|
116 | break; |
98 | break; |
|
117 | } |
99 | } |
|
118 | |
100 | |
|
119 | |
101 | |