scratch – Diff between revs 115 and 123
?pathlinks?
| Rev 115 | Rev 123 | |||
|---|---|---|---|---|
| 1 | <?php |
1 | <?php |
|
| 2 | |
2 | |
|
| 3 | ########################################################################### |
3 | ########################################################################### |
|
| 4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
| 5 | ########################################################################### |
5 | ########################################################################### |
|
| 6 | |
6 | |
|
| 7 | require_once('php/pseudocrypt.php'); |
7 | require_once('php/pseudocrypt.php'); |
|
| 8 | require_once('php/functions.php'); |
8 | require_once('php/functions.php'); |
|
| 9 | require_once('vendor/autoload.php'); |
9 | require_once('vendor/autoload.php'); |
|
| - | 10 | |
||
| - | 11 | ### FFMpeg |
||
| 10 | require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php'); |
12 | require_once('vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFMpeg.php'); |
|
| - | 13 | |
||
| - | 14 | ### Aura URI |
||
| - | 15 | require_once('vendor/aura/uri/src/Aura/Uri/PublicSuffixList.php'); |
||
| - | 16 | require_once('vendor/aura/uri/src/Aura/Uri/Url/Factory.php'); |
||
| - | 17 | require_once('vendor/aura/uri/src/Aura/Uri/Query.php'); |
||
| - | 18 | require_once('vendor/aura/uri/src/Aura/Uri/Host.php'); |
||
| - | 19 | require_once('vendor/aura/uri/src/Aura/Uri/Url.php'); |
||
| - | 20 | require_once('vendor/aura/uri/src/Aura/Uri/Path.php'); |
||
| - | 21 | use Aura\Uri\Url\Factory as UrlFactory; |
||
| - | 22 | use Aura\Uri\PublicSuffixList; |
||
| 11 | |
23 | |
|
| 12 | ### Load configuration. |
24 | ### Load configuration. |
|
| 13 | $config = spyc_load_file('config.yaml'); |
25 | $config = spyc_load_file('config.yaml'); |
|
| 14 | |
26 | |
|
| 15 | ### If no file has been specified for download then return. |
27 | ### If no file has been specified for download then return. |
|
| 16 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
28 | if (!isset($_GET['hash']) or empty($_GET['hash'])) { |
|
| 17 | http_response_code(404); |
29 | http_response_code(404); |
|
| 18 | die('File not found.'); |
30 | die('File not found.'); |
|
| 19 | } |
31 | } |
|
| 20 | |
32 | |
|
| 21 | ### Find the requested file. |
33 | ### Find the requested file. |
|
| 22 | $file = array_shift( |
34 | $file = array_shift( |
|
| 23 | preg_grep( |
35 | preg_grep( |
|
| 24 | "/".$_GET['hash']."/", |
36 | "/".$_GET['hash']."/", |
|
| 25 | scandir($config['STORE_FOLDER']) |
37 | scandir($config['STORE_FOLDER']) |
|
| 26 | ) |
38 | ) |
|
| 27 | ); |
39 | ); |
|
| 28 | |
40 | |
|
| 29 | if (!isset($file) or empty($file)) { |
41 | if (!isset($file) or empty($file)) { |
|
| 30 | http_response_code(404); |
42 | http_response_code(404); |
|
| 31 | die('File not found.'); |
43 | die('File not found.'); |
|
| 32 | } |
44 | } |
|
| 33 | |
45 | |
|
| 34 | ### Check the path for path traversals. |
46 | ### Check the path for path traversals. |
|
| 35 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
47 | $fileExtension = pathinfo($file, PATHINFO_EXTENSION); |
|
| 36 | |
48 | |
|
| 37 | #### If the extension is not allowed then return. |
49 | #### If the extension is not allowed then return. |
|
| 38 | if (!isset($fileExtension) || |
50 | if (!isset($fileExtension) || |
|
| 39 | !in_array(strtoupper($fileExtension), |
51 | !in_array(strtoupper($fileExtension), |
|
| 40 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
52 | array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) { |
|
| 41 | http_response_code(403); |
53 | http_response_code(403); |
|
| 42 | die('File extension not allowed.'); |
54 | die('File extension not allowed.'); |
|
| 43 | } |
55 | } |
|
| 44 | |
56 | |
|
| 45 | #### Build the user path. |
57 | #### Build the user path. |
|
| 46 | $userPath = join( |
58 | $userPath = join( |
|
| 47 | DIRECTORY_SEPARATOR, |
59 | DIRECTORY_SEPARATOR, |
|
| 48 | array( |
60 | array( |
|
| 49 | $config['STORE_FOLDER'], |
61 | $config['STORE_FOLDER'], |
|
| 50 | $file |
62 | $file |
|
| 51 | ) |
63 | ) |
|
| 52 | ); |
64 | ); |
|
| 53 | |
65 | |
|
| 54 | #### Check for path traversals |
66 | #### Check for path traversals |
|
| 55 | $pathPart = pathinfo($userPath); |
67 | $pathPart = pathinfo($userPath); |
|
| 56 | if (strcasecmp( |
68 | if (strcasecmp( |
|
| 57 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
69 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
| 58 | http_response_code(500); |
70 | http_response_code(500); |
|
| 59 | die('Internal server error.'); |
71 | die('Internal server error.'); |
|
| 60 | } |
72 | } |
|
| 61 | |
73 | |
|
| 62 | #### Check if the file exists. |
74 | #### Check if the file exists. |
|
| 63 | if (!file_exists($userPath)) { |
75 | if (!file_exists($userPath)) { |
|
| 64 | http_response_code(404); |
76 | http_response_code(404); |
|
| 65 | die('File not found.'); |
77 | die('File not found.'); |
|
| 66 | } |
78 | } |
|
| - | 79 | |
||
| - | 80 | ### Extract the server path. |
||
| - | 81 | $URLFactory = new UrlFactory( |
||
| - | 82 | $_SERVER, |
||
| - | 83 | new PublicSuffixList(require 'vendor/aura/uri/data/public-suffix-list.php') |
||
| - | 84 | ); |
||
| - | 85 | $URL = $URLFactory->newCurrent(); |
||
| - | 86 | |
||
| - | 87 | ### HTTPs has to be enforced for opengraph sharing. |
||
| - | 88 | if(strtoupper($URL->scheme) != 'HTTPS') |
||
| - | 89 | $URL->setScheme('https'); |
||
| - | 90 | |
||
| - | 91 | $URL_PATH = array_shift( |
||
| - | 92 | explode( |
||
| - | 93 | 'og/'.$_GET['hash'], |
||
| - | 94 | $URL->getFull() |
||
| - | 95 | ) |
||
| - | 96 | ); |
||
| 67 | |
97 | |
|
| 68 | $GRAPH_URL = $config['URL_PATH'].'og/'.$_GET['hash']; |
98 | $GRAPH_URL = $URL_PATH.'og/'.$_GET['hash']; |
|
| 69 | $CANON_URL = $config['URL_PATH'].'file.php?hash='.$_GET['hash']; |
99 | $CANON_URL = $URL_PATH.'file.php?hash='.$_GET['hash']; |
|
| 70 | $BASIC_URL = $config['URL_PATH'].$_GET['hash']; |
100 | $BASIC_URL = $URL_PATH.$_GET['hash']; |
|
| 71 | |
101 | |
|
| 72 | switch(strtoupper($fileExtension)) { |
102 | switch(strtoupper($fileExtension)) { |
|
| 73 | case 'GIF': |
103 | case 'GIF': |
|
| 74 | list($width, $height) = getimagesize($userPath); |
104 | list($width, $height) = getimagesize($userPath); |
|
| 75 | echo <<<END |
105 | echo <<<END |
|
| 76 | <html> |
106 | <html> |
|
| 77 | <head> |
107 | <head> |
|
| 78 | <meta property="og:site_name" content="Scratch Copy"> |
108 | <meta property="og:site_name" content="Scratch Copy"> |
|
| 79 | <meta property="og:url" content="$BASIC_URL"> |
109 | <meta property="og:url" content="$BASIC_URL"> |
|
| 80 | <meta property="og:title" content="Scratch Copy"> |
110 | <meta property="og:title" content="Scratch Copy"> |
|
| 81 | <meta property="og:type" content="video.other"> |
111 | <meta property="og:type" content="video.other"> |
|
| 82 | <meta property="og:image" content="$BASIC_URL"> |
112 | <meta property="og:image" content="$BASIC_URL"> |
|
| 83 | <meta property="og:image:width" content="$width"> |
113 | <meta property="og:image:width" content="$width"> |
|
| 84 | <meta property="og:image:height" content="$height"> |
114 | <meta property="og:image:height" content="$height"> |
|
| 85 | </head> |
115 | </head> |
|
| 86 | |
116 | |
|
| 87 | <body> |
117 | <body> |
|
| 88 | <p> |
118 | <p> |
|
| 89 | <img src="$BASIC_URL"> |
119 | <img src="$BASIC_URL"> |
|
| 90 | </p> |
120 | </p> |
|
| 91 | </body> |
121 | </body> |
|
| 92 | |
122 | |
|
| 93 | </html> |
123 | </html> |
|
| 94 | END; |
124 | END; |
|
| 95 | break; |
125 | break; |
|
| 96 | case 'MP4': |
126 | case 'MP4': |
|
| 97 | ### Create a thumbnail for the video. |
127 | ### Create a thumbnail for the video. |
|
| 98 | $file = strtolower( |
128 | $file = strtolower( |
|
| 99 | PseudoCrypt::hash( |
129 | PseudoCrypt::hash( |
|
| 100 | preg_replace( |
130 | preg_replace( |
|
| 101 | '/\D/', |
131 | '/\D/', |
|
| 102 | '', |
132 | '', |
|
| 103 | hash( |
133 | hash( |
|
| 104 | 'sha512', |
134 | 'sha512', |
|
| 105 | $_GET['hash'] |
135 | $_GET['hash'] |
|
| 106 | ) |
136 | ) |
|
| 107 | ), |
137 | ), |
|
| 108 | $config['ASSET_HASH_SIZE'] |
138 | $config['ASSET_HASH_SIZE'] |
|
| 109 | ) |
139 | ) |
|
| 110 | ); |
140 | ); |
|
| 111 | |
141 | |
|
| 112 | #### Build the user path. |
142 | #### Build the user path. |
|
| 113 | $userPath = join( |
143 | $userPath = join( |
|
| 114 | DIRECTORY_SEPARATOR, |
144 | DIRECTORY_SEPARATOR, |
|
| 115 | array( |
145 | array( |
|
| 116 | $config['STORE_FOLDER'], |
146 | $config['STORE_FOLDER'], |
|
| 117 | $file |
147 | $file |
|
| 118 | ) |
148 | ) |
|
| 119 | ); |
149 | ); |
|
| 120 | |
150 | |
|
| 121 | ### Do not re-create the thumbnail if it already exists. |
151 | ### Do not re-create the thumbnail if it already exists. |
|
| 122 | if(!file_exists($userPath.'.'.'jpg')) { |
152 | if(!file_exists($userPath.'.'.'jpg')) { |
|
| 123 | ### Extract thumbnail. |
153 | ### Extract thumbnail. |
|
| 124 | $ffmpeg = FFMpeg\FFMpeg::create(); |
154 | $ffmpeg = FFMpeg\FFMpeg::create(); |
|
| 125 | $video = $ffmpeg->open($CANON_URL); |
155 | $video = $ffmpeg->open($CANON_URL); |
|
| 126 | $frame = $video->frame( |
156 | $frame = $video->frame( |
|
| 127 | FFMpeg\Coordinate\TimeCode::fromSeconds( |
157 | FFMpeg\Coordinate\TimeCode::fromSeconds( |
|
| 128 | $config['VIDEO_PREVIEW_IMAGE_FRAME_SECOND'] |
158 | $config['VIDEO_PREVIEW_IMAGE_FRAME_SECOND'] |
|
| 129 | ) |
159 | ) |
|
| 130 | ); |
160 | ); |
|
| 131 | $frame->save($userPath.'.'.'jpg'); |
161 | $frame->save($userPath.'.'.'jpg'); |
|
| 132 | } |
162 | } |
|
| 133 | |
163 | |
|
| 134 | ### Get preview image size. |
164 | ### Get preview image size. |
|
| 135 | list($imageWidth, $imageHeight) = getimagesize($userPath.'.'.'jpg'); |
165 | list($imageWidth, $imageHeight) = getimagesize($userPath.'.'.'jpg'); |
|
| 136 | |
166 | |
|
| 137 | ### Probe video for width and height. |
167 | ### Probe video for width and height. |
|
| 138 | $ffprobe = FFMpeg\FFProbe::create(); |
168 | $ffprobe = FFMpeg\FFProbe::create(); |
|
| 139 | $dimension = $ffprobe |
169 | $dimension = $ffprobe |
|
| 140 | ->streams($CANON_URL) |
170 | ->streams($CANON_URL) |
|
| 141 | ->videos() |
171 | ->videos() |
|
| 142 | ->first() |
172 | ->first() |
|
| 143 | ->getDimensions(); |
173 | ->getDimensions(); |
|
| 144 | |
174 | |
|
| 145 | $videoWidth = $dimension->getWidth(); |
175 | $videoWidth = $dimension->getWidth(); |
|
| 146 | $videoHeight = $dimension->getHeight(); |
176 | $videoHeight = $dimension->getHeight(); |
|
| 147 | |
177 | |
|
| 148 | ### Build paths. |
178 | ### Build paths. |
|
| 149 | $PREVIEW_IMAGE_URL = $config['URL_PATH'].$file; |
179 | $PREVIEW_IMAGE_URL = $URL_PATH.$file; |
|
| 150 | $FLOW_PLAYER_VIDEO_URL = $config['URL_PATH'].'flowplayer/flowplayer.swf?config={"clip":"'.$BASIC_URL.'"}'; |
180 | $FLOW_PLAYER_VIDEO_URL = $URL_PATH.'flowplayer/flowplayer.swf?config={"clip":"'.$BASIC_URL.'"}'; |
|
| 151 | $FLOW_PLAYER = $config['URL_PATH'].'flowplayer/flowplayer.swf'; |
181 | $FLOW_PLAYER = $URL_PATH.'flowplayer/flowplayer.swf'; |
|
| 152 | |
182 | |
|
| 153 | echo <<<END |
183 | echo <<<END |
|
| 154 | <html> |
184 | <html> |
|
| 155 | <head> |
185 | <head> |
|
| 156 | <meta property="og:type" content="video.other"> |
186 | <meta property="og:type" content="video.other"> |
|
| 157 | <meta property="og:title" content="Scratch Copy"> |
187 | <meta property="og:title" content="Scratch Copy"> |
|
| 158 | <meta property="og:site_name" content="Scratch Copy"> |
188 | <meta property="og:site_name" content="Scratch Copy"> |
|
| 159 | |
189 | |
|
| 160 | <meta property="og:url" content="$GRAPH_URL"> |
190 | <meta property="og:url" content="$GRAPH_URL"> |
|
| 161 | |
191 | |
|
| 162 | <meta property="og:image" content="$PREVIEW_IMAGE_URL"> |
192 | <meta property="og:image" content="$PREVIEW_IMAGE_URL"> |
|
| 163 | <meta property="og:video" content='$FLOW_PLAYER_VIDEO_URL'> |
193 | <meta property="og:video" content='$FLOW_PLAYER_VIDEO_URL'> |
|
| 164 | <meta property="og:video:secure_url" content='$FLOW_PLAYER_VIDEO_URL'> |
194 | <meta property="og:video:secure_url" content='$FLOW_PLAYER_VIDEO_URL'> |
|
| 165 | <meta property="og:video:type" content="application/x-shockwave-flash"> |
195 | <meta property="og:video:type" content="application/x-shockwave-flash"> |
|
| 166 | <meta property="og:video:width" content="$videoWidth"> |
196 | <meta property="og:video:width" content="$videoWidth"> |
|
| 167 | <meta property="og:video:height" content="$videoHeight"> |
197 | <meta property="og:video:height" content="$videoHeight"> |
|
| 168 | |
198 | |
|
| 169 | <meta property="og:image:width" content="$imageWidth"> |
199 | <meta property="og:image:width" content="$imageWidth"> |
|
| 170 | <meta property="og:image:height" content="$imageHeight"> |
200 | <meta property="og:image:height" content="$imageHeight"> |
|
| 171 | </head> |
201 | </head> |
|
| 172 | |
202 | |
|
| 173 | <body> |
203 | <body> |
|
| 174 | <p> |
204 | <p> |
|
| 175 | <object width="$videoWidth" height="$videoHeight" id="Scratch Copy" name="Scratch Copy" data="$FLOW_PLAYER" type="application/x-shockwave-flash"><param name="movie" value="$FLOW_PLAYER" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object> |
205 | <object width="$videoWidth" height="$videoHeight" id="Scratch Copy" name="Scratch Copy" data="$FLOW_PLAYER" type="application/x-shockwave-flash"><param name="movie" value="$FLOW_PLAYER" /><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="flashvars" value='config={"clip":"$BASIC_URL"}' /></object> |
|
| 176 | </p> |
206 | </p> |
|
| 177 | </body> |
207 | </body> |
|
| 178 | |
208 | |
|
| 179 | </html> |
209 | </html> |
|
| 180 | END; |
210 | END; |
|
| 181 | break; |
211 | break; |
|
| 182 | } |
212 | } |
|
| 183 | |
213 | |
|
| 184 | |
214 | |
|
| 185 | |
215 | |
|
| 186 | |
216 | |
|