scratch – Rev 87

Subversion Repositories:
Rev:
<?php

###########################################################################
##  Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3      ##
###########################################################################

require_once('php/pseudocrypt.php');
require_once('php/functions.php');
require_once('vendor/autoload.php');

### Load configuration.
$config = spyc_load_file('config.yaml');

### If no file has been specified for download then return.
if (!isset($_GET['hash']) or empty($_GET['hash'])) {
    http_response_code(404);
    die('File not found.');
}

### If no timestamp has been provided then return.
if (!isset($_GET['timestamp']) or empty($_GET['timestamp'])) {
    http_response_code(403);
    die('Forbidden.');
}

### Find the requested file.
$file = array_shift(
    preg_grep(
        "/".$_GET['hash']."/",
        scandir($config['STORE_FOLDER'])
    )
);

if (!isset($file) or empty($file)) {
    http_response_code(404);
    die('File not found.');
}

### Check the path for path traversals.
$fileExtension = pathinfo($file, PATHINFO_EXTENSION);

#### If the extension is not allowed then return.
if (!isset($fileExtension) ||
    !in_array(strtoupper($fileExtension),
        array_map('strtoupper', $config['ALLOWED_FILE_EXTENSIONS']))) {
    http_response_code(403);
    die('File extension not allowed.');
}

#### Build the user path.
$userPath = join(
    DIRECTORY_SEPARATOR,
    array(
        $config['STORE_FOLDER'],
        $file
    )
);

#### Check for path traversals
$pathPart = pathinfo($userPath);
if (strcasecmp(
    realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) {
    http_response_code(500);
    die('Internal server error.');
}

#### Check if the file exists.
if (!file_exists($userPath)) {
    http_response_code(404);
    die('File not found.');
}

### Check if the timestamp matches.
if (filemtime($userPath) != $_GET['timestamp']) {
    http_response_code(403);
    die('Forbidden.');
}

unlink($userPath);