<?php
###########################################################################
## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
###########################################################################
require_once('inc/pseudocrypt.php');
require_once('inc/functions.php');
require_once('config.php');
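#### Both the fingerprint and the action are mandatory and must be plain strings:
#### an array-valued POST field (e.g. "fingerprint[]=x") would make the strtoupper()
#### calls below throw a TypeError on PHP 8 instead of producing a clean 500.
#### http_response_code() replaces header('Internal server error.', true, 500): that
#### form emitted a malformed raw header line (no "Name: value") next to the status.
if (empty($_POST['fingerprint']) || !is_string($_POST['fingerprint']) ||
    empty($_POST['action']) || !is_string($_POST['action'])) {
    http_response_code(500);
    return;
}

#### Check fingerprint consistency: only the byte length (32) is validated here,
#### since the value is hashed before it is ever used as a file name.
$fingerprint = strtoupper($_POST['fingerprint']);
if (strlen($fingerprint) !== 32) {
    http_response_code(500);
    return;
}

$action = strtoupper($_POST['action']);

#### Data must be sent in order to save a file, and it must be a string so that
#### exactly the posted body is written.
if ($action === 'SAVE' && (!isset($_POST['data']) || !is_string($_POST['data']))) {
    http_response_code(500);
    return;
}

#### Hash fingerprint. The on-disk name is derived solely from the client-supplied
#### fingerprint (sha512 -> digits only -> PseudoCrypt at $ASSET_HASH_SIZE), and no
#### other credential is checked on this endpoint: the fingerprint is effectively a
#### bearer secret — whoever knows it can LOAD or overwrite (SAVE) that scratch.
$file = strtolower(
    PseudoCrypt::hash(
        preg_replace('/\D/', '', hash('sha512', $fingerprint)),
        $ASSET_HASH_SIZE
    )
);

#### Build the user path (one stored file per fingerprint, always ".html").
$userPath = implode(DIRECTORY_SEPARATOR, [$STORE_FOLDER, $file]);
$userFile = $userPath . '.html';

#### Check for path traversals: the resolved parent directory of the target must be
#### the store folder itself. $file is a hash output and cannot carry separators, so
#### this is defence in depth — but it now fails closed: realpath() returns false for
#### a missing directory, and the original strcasecmp(false, false) compared as equal.
$storeReal = realpath($STORE_FOLDER);
$parentReal = realpath(pathinfo($userFile, PATHINFO_DIRNAME));
if ($storeReal === false || $parentReal === false || strcasecmp($parentReal, $storeReal) !== 0) {
    http_response_code(500);
    return;
}

switch ($action) {
    case 'SAVE':
        #### Store the file.
        atomized_put_contents($userFile, $_POST['data']);
        break;

    case 'LOAD':
        if (!file_exists($userFile)) {
            http_response_code(404);
            return;
        }
        ### Set no-cache so a scratch is never served stale by an intermediary.
        header('Cache-Control: no-cache, no-store, must-revalidate');
        header('Pragma: no-cache');
        header('Expires: 0');
        ### Content type. A single header is sent: the original emitted a second
        ### 'Content-type: text/html' which replaced this one and dropped the charset.
        ### The body is user-supplied HTML served as text/html in this site's origin,
        ### so any script inside it runs with this origin's privileges for whoever
        ### loads that fingerprint.
        ### NOTE(review): 'Content-Security-Policy: sandbox' and
        ### 'X-Content-Type-Options: nosniff' would contain that — confirm the scratch
        ### pages do not rely on inline script before adding them.
        header('Content-Type: text/html; charset=utf-8');
        ### Send the file along with the inline content disposition; the body itself
        ### is handed to the web server via X-Sendfile.
        header('Content-length: ' . (int) get_file_size($userFile));
        header('Content-Disposition: inline; filename="' . basename($userFile) . '"');
        header('X-Sendfile: ' . $userFile);
        break;

    default:
        #### Unknown action: previously fell out of the switch with a 200 and an
        #### empty body; reject it like any other malformed request.
        http_response_code(500);
        break;
}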