X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/0f8d4e9ce3695742de5024846279149f2e5cd7cd..044a28cd254c46ffef902482cac0ca79a082e4df:/static/php/upload.php diff --git a/static/php/upload.php b/static/php/upload.php index 2f1679b..f4abf7f 100644 --- a/static/php/upload.php +++ b/static/php/upload.php @@ -1,281 +1,37 @@ * - * @return string - */ -function generateName($file) -{ - global $db; - global $doubledots; - - // We start at N retries, and --N until we give up - $tries = UGUU_FILES_RETRIES; - $length = UGUU_FILES_LENGTH; - - //Get EXT - $ext = pathinfo($file->name, PATHINFO_EXTENSION); - - //Get MIME - $finfo = finfo_open(FILEINFO_MIME_TYPE); - $type_mime = finfo_file($finfo, $file->tempfile); - finfo_close($finfo); - - // Check if extension is a double-dot extension and, if true, override $ext - $revname = strrev($file->name); - foreach ($doubledots as $ddot) { - if (stripos($revname, $ddot) === 0) { - $ext = strrev($ddot); - } - } - - do { - // Iterate until we reach the maximum number of retries - if ($tries-- === 0) { - http_response_code(500); - throw new Exception( - 'Gave up trying to find an unused name', - 500 - ); // HTTP status code "500 Internal Server Error" - } - - $chars = ID_CHARSET; - $name = ''; - for ($i = 0; $i < $length; ++$i) { - $name .= $chars[mt_rand(0, strlen($chars))]; - } - - // Add the extension to the file name - if (isset($ext) && $ext !== '') { - $name .= '.'.$ext; - } - - // Check if the file is blacklisted - if(BLACKLIST_DB){ - $q = $db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)'); - $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); - $q->execute(); - $result = $q->fetch(); - if ($result['count'] > 0) { - http_response_code(415); - throw new Exception( - 'File blacklisted!', - 415 - ); - exit(0); - } - } - - // Check if file is whitelisted or blacklisted - switch (CONFIG_FILTER_MODE) { - - case false: - //check if MIME is blacklisted - if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { - http_response_code(415); - throw new Exception( - 'File type not allowed!', - 415 - ); - exit(0); - } - //Check if EXT is blacklisted - if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { - http_response_code(415); - throw new Exception( - 'File type not allowed!', - 415 - ); - exit(0); - } - break; - - case true: - //Check if MIME is whitelisted - if (!in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { - http_response_code(415); - throw new Exception( - 'File type not allowed!', - 415 - ); - exit(0); - } - //Check if EXT is whitelisted - if (!in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { - http_response_code(415); - throw new Exception( - 'File type not allowed!', - 415 - ); - exit(0); - } - break; - } - - // Check if a file with the same name does already exist in the database - $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)'); - $q->bindValue(':name', $name, PDO::PARAM_STR); - $q->execute(); - $result = $q->fetchColumn(); - // If it does, generate a new name - } while ($result > 0); - - return $name; -} - -/** - * Handles the uploading and db entry for a file. + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. * - * @param UploadedFile $file + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. * - * @return array + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ -function uploadFile($file) -{ - global $db; - - // Handle file errors - if ($file->error) { - throw new UploadException($file->error); - } - - //fixes a bug - $lol = $file->getSha1(); - - // Check if a file with the same hash and size (a file which is the same) - // does already exist in the database; if it does, return the proper link - // and data. PHP deletes the temporary file just uploaded automatically. - if(ANTI_DUPE){ - $q = $db->prepare('SELECT filename, COUNT(*) AS count FROM files WHERE hash = (:hash) AND size = (:size)'); - $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); - $q->bindValue(':size', $file->size, PDO::PARAM_INT); - $q->execute(); - $result = $q->fetch(); - if ($result['count'] > 0) { - return [ - 'hash' => $file->getSha1(), - 'name' => $file->name, - 'url' => UGUU_URL.rawurlencode($result['filename']), - 'size' => $file->size, - ]; - } -} - // Generate a name for the file - $newname = generateName($file); +require_once 'includes/Upload.class.php'; - // Store the file's full file path in memory - $uploadFile = UGUU_FILES_ROOT.$newname; +use Core\Response as Response; - // Attempt to move it to the static directory - if (!move_uploaded_file($file->tempfile, $uploadFile)) { - http_response_code(500); - throw new Exception( - 'Failed to move file to destination', - 500 - ); // HTTP status code "500 Internal Server Error" - } +if (isset($_FILES['files'])) { + $uploads = (new Upload())->reFiles($_FILES['files']); - // Need to change permissions for the new file to make it world readable - if (!chmod($uploadFile, 0644)) { - http_response_code(500); - throw new Exception( - 'Failed to change file permissions', - 500 - ); // HTTP status code "500 Internal Server Error" + foreach ($uploads as $upload) { + $res[] = (new Upload())->uploadFile($upload); } - // Log IP - if(LOG_IP){ - $ip = $_SERVER['REMOTE_ADDR']; + if (isset($res)) { + (new Response())->returnSuccess($res); } else { - $ip = null; - } - - // Common parameters binding - $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ip) VALUES (:hash, :orig, :name, :size, :date, :ip)'); - $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); - $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR); - $q->bindValue(':name', $newname, PDO::PARAM_STR); - $q->bindValue(':size', $file->size, PDO::PARAM_INT); - $q->bindValue(':date', time(), PDO::PARAM_STR); - $q->bindValue(':ip', $ip, PDO::PARAM_STR); - $q->execute(); - - return [ - 'hash' => $file->getSha1(), - 'name' => $file->name, - 'url' => UGUU_URL.rawurlencode($newname), - 'size' => $file->size, - ]; -} - -/** - * Reorder files array by file. - * - * @return array - */ -function diverseArray($files) -{ - $result = []; - - foreach ($files as $key1 => $value1) { - foreach ($value1 as $key2 => $value2) { - $result[$key2][$key1] = $value2; - } - } - - return $result; -} - -/** - * Reorganize the $_FILES array into something saner. - * - * @return array - */ -function refiles($files) -{ - $result = []; - $files = diverseArray($files); - - foreach ($files as $file) { - $f = new UploadedFile(); - $f->name = $file['name']; - $f->mime = $file['type']; - $f->size = $file['size']; - $f->tempfile = $file['tmp_name']; - $f->error = $file['error']; - $result[] = $f; - } - - return $result; -} - -$type = isset($_GET['output']) ? $_GET['output'] : 'json'; -$response = new Response($type); - -if (isset($_FILES['files'])) { - $uploads = refiles($_FILES['files']); - - try { - foreach ($uploads as $upload) { - $res[] = uploadFile($upload); - } - $response->send($res); - } catch (Exception $e) { - $response->error($e->getCode(), $e->getMessage()); + (new Response())->returnError(400, 'No input file(s)', 'N/A'); } -} else { - $response->error(400, 'No input file(s)'); -} +} \ No newline at end of file