scratch – Diff between revs 81 and 87

1 <?php 1 <?php
2   2  
3 ########################################################################### 3 ###########################################################################
4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## 4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
5 ########################################################################### 5 ###########################################################################
6   6  
7 require_once('php/pseudocrypt.php'); 7 require_once('php/pseudocrypt.php');
8 require_once('php/functions.php'); 8 require_once('php/functions.php');
9 require_once('vendor/mustangostang/spyc/Spyc.php'); 9 require_once('vendor/autoload.php');
10   10  
11 ### Load configuration. 11 ### Load configuration.
12 $config = spyc_load_file('config.yaml'); 12 $config = spyc_load_file('config.yaml');
13   13  
14 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or 14 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
15 !isset($_POST['action']) or empty($_POST['action'])) { 15 !isset($_POST['action']) or empty($_POST['action'])) {
16 http_response_code(500); 16 http_response_code(500);
17 die('Internal server error.'); 17 die('Internal server error.');
18 } 18 }
19   19  
20 #### Check fingerprint consistency. 20 #### Check fingerprint consistency.
21 $fingerprint = strtoupper($_POST['fingerprint']); 21 $fingerprint = strtoupper($_POST['fingerprint']);
22 if(strlen($fingerprint) !== 32) { 22 if(strlen($fingerprint) !== 32) {
23 http_response_code(500); 23 http_response_code(500);
24 die('Internal server error.'); 24 die('Internal server error.');
25 } 25 }
26   26  
27 $action = strtoupper($_POST['action']); 27 $action = strtoupper($_POST['action']);
28   28  
29 #### Data must be sent in order to save a file. 29 #### Data must be sent in order to save a file.
30 if($action === 'SAVE' and !isset($_POST['data'])) { 30 if($action === 'SAVE' and !isset($_POST['data'])) {
31 http_response_code(500); 31 http_response_code(500);
32 die('Internal server error.'); 32 die('Internal server error.');
33 } 33 }
34   34  
35 #### Hash fingerprint. 35 #### Hash fingerprint.
36 $file = strtolower( 36 $file = strtolower(
37 PseudoCrypt::hash( 37 PseudoCrypt::hash(
38 preg_replace( 38 preg_replace(
39 '/\D/', 39 '/\D/',
40 '', 40 '',
41 hash( 41 hash(
42 'sha512', 42 'sha512',
43 $fingerprint 43 $fingerprint
44 ) 44 )
45 ), 45 ),
46 $config['ASSET_HASH_SIZE'] 46 $config['ASSET_HASH_SIZE']
47 ) 47 )
48 ); 48 );
49   49  
50 #### Build the user path. 50 #### Build the user path.
51 $userPath = join( 51 $userPath = join(
52 DIRECTORY_SEPARATOR, 52 DIRECTORY_SEPARATOR,
53 array( 53 array(
54 $config['STORE_FOLDER'], 54 $config['STORE_FOLDER'],
55 $file 55 $file
56 ) 56 )
57 ); 57 );
58   58  
59 #### Check for path traversals 59 #### Check for path traversals
60 $pathPart = pathinfo($userPath.'.html'); 60 $pathPart = pathinfo($userPath.'.html');
61 if (strcasecmp( 61 if (strcasecmp(
62 realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { 62 realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) {
63 http_response_code(500); 63 http_response_code(500);
64 die('Internal server error.'); 64 die('Internal server error.');
65 } 65 }
66   66  
67 switch($action) { 67 switch($action) {
68 case 'SAVE': 68 case 'SAVE':
69 #### Store the file. 69 #### Store the file.
70 atomized_put_contents($userPath.'.html', $_POST['data']); 70 atomized_put_contents($userPath.'.html', $_POST['data']);
71 break; 71 break;
72 case 'LOAD': 72 case 'LOAD':
73 if(!file_exists($userPath.'.html')) { 73 if(!file_exists($userPath.'.html')) {
74 ### If the file does not exist, present an empty file instead of 404. 74 ### If the file does not exist, present an empty file instead of 404.
75 echo ''; 75 echo '';
76 return; 76 return;
77 } 77 }
78 ### Set no-cache 78 ### Set no-cache
79 header('Content-Type: text/html; charset=utf-8'); 79 header('Content-Type: text/html; charset=utf-8');
80 header('Cache-Control: no-cache, no-store, must-revalidate'); 80 header('Cache-Control: no-cache, no-store, must-revalidate');
81 header('Pragma: no-cache'); 81 header('Pragma: no-cache');
82 header('Expires: 0'); 82 header('Expires: 0');
83 ### Open MIME info database and send the content type. 83 ### Open MIME info database and send the content type.
84 header('Content-type: text/html'); 84 header('Content-type: text/html');
85 ### Send the file along with the inline content disposition. 85 ### Send the file along with the inline content disposition.
86 header('Content-length: '.(int)get_file_size($userPath.'.html')); 86 header('Content-length: '.(int)get_file_size($userPath.'.html'));
87 header('Content-Disposition: inline; filename="' . basename($userPath.'.html') . '"'); 87 header('Content-Disposition: inline; filename="' . basename($userPath.'.html') . '"');
88 header('X-Sendfile: '.$userPath.'.html'); 88 header('X-Sendfile: '.$userPath.'.html');
89 break; 89 break;
90 } 90 }
91   91  
92   92
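Review bot: The new `require_once('vendor/autoload.php')` on line 9 is resolved against the include path and the current working directory rather than the script's own directory, so it breaks whenever the script is invoked from elsewhere (a front controller in another folder, CLI, cron); anchor it with `require_once(__DIR__ . '/vendor/autoload.php');`. The two `php/...` requires on lines 7–8 resolve the same way and would benefit from the same change. Line 12 still calls the global function `spyc_load_file()`, which lives in Spyc.php; this presumably relies on the Composer autoloader's files section to load that file eagerly, which is worth confirming, since a class-based autoloader alone would only resolve the `Spyc` class on first use and leave the function undefined. Separately, the rejections on lines 16, 23, 31 and 63 answer with a 500 for what are client input errors; a 400 there keeps server-error monitoring meaningful.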