scratch – Diff between revs 7 and 11
?pathlinks?
Rev 7 | Rev 11 | |||
---|---|---|---|---|
Line 6... | Line 6... | |||
6 | |
6 | |
|
7 | require_once('includes/pseudocrypt.php'); |
7 | require_once('includes/pseudocrypt.php'); |
|
8 | require_once('includes/functions.php'); |
8 | require_once('includes/functions.php'); |
|
Line 9... | Line -... | |||
9 | require_once('config.php'); |
- | ||
10 | |
- | ||
11 | # Upload data can be POST'ed as raw form data or uploaded via <iframe> and |
9 | require_once('config.php'); |
|
12 | # <form> using regular multipart/form-data enctype (which is handled by |
10 | |
|
13 | # PHP $_FILES). |
11 | #### Retrieve uploaded file. |
|
14 | if (!empty($_FILES['file']) and |
12 | if (!empty($_FILES['file']) and |
|
15 | is_uploaded_file($_FILES['file']['tmp_name'])) { |
13 | is_uploaded_file($_FILES['file']['tmp_name'])) { |
|
16 | # Regular multipart/form-data upload. |
14 | # Regular multipart/form-data upload. |
|
Line 20... | Line 18... | |||
20 | # Raw POST data. |
18 | # Raw POST data. |
|
21 | $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']); |
19 | $name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']); |
|
22 | $data = file_get_contents("php://input"); |
20 | $data = file_get_contents("php://input"); |
|
23 | } |
21 | } |
|
Line 24... | Line -... | |||
24 | |
- | ||
25 | ## Hash filename and check storage in the upload folder. |
22 | |
|
- | 23 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
||
- | 24 | |
||
26 | $fileExtension = pathinfo($name, PATHINFO_EXTENSION); |
25 | #### Check that the file extension is allowed. |
|
- | 26 | if(!isset($fileExtension) || |
||
- | 27 | !in_array(strtoupper($fileExtension), $ALLOWED_FILE_EXTENSIONS)) |
||
- | 28 | return; |
||
- | 29 | |
||
27 | if ($fileExtension != '') { |
30 | #### Hash filename and check storage in the upload folder. |
|
28 | $storePath = realpath($STORE_FOLDER); |
31 | $storePath = realpath($STORE_FOLDER); |
|
29 | $file = strtolower( |
32 | $file = strtolower( |
|
30 | PseudoCrypt::hash( |
33 | PseudoCrypt::hash( |
|
31 | preg_replace( |
34 | preg_replace( |
|
Line 45... | Line 48... | |||
45 | array( |
48 | array( |
|
46 | $STORE_FOLDER, |
49 | $STORE_FOLDER, |
|
47 | $file |
50 | $file |
|
48 | ) |
51 | ) |
|
49 | ); |
52 | ); |
|
- | 53 | |
||
- | 54 | #### Check for path traversals. |
||
50 | $pathPart = pathinfo($userPath); |
55 | $pathPart = pathinfo($userPath); |
|
51 | if (realpath($pathPart['dirname']) == $storePath) { |
56 | if (realpath($pathPart['dirname']) == $storePath) { |
|
52 | atomized_put_contents($userPath, $data); |
57 | atomized_put_contents($userPath, $data); |
|
53 | $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file); |
58 | $output = sprintf('%s/%s', trim($URL_PATH, '/'), $file); |
|
54 | } |
59 | } |
|
55 | } |
- | ||
Line 56... | Line 60... | |||
56 | |
60 | |
|
57 | # Return the URL to the file. |
61 | ### Return the URL to the file. |
|
58 | header('Content-Type: text/plain; charset=utf-8'); |
62 | header('Content-Type: text/plain; charset=utf-8'); |