X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/5156099cd16b66eff742032ee5740857f2247464..2d0bf4f30c3bece4bcf447561f5c986746672d0b:/static/php/includes/Upload.class.php diff --git a/static/php/includes/Upload.class.php b/static/php/includes/Upload.class.php index 15ba8f6..edf9b7c 100644 --- a/static/php/includes/Upload.class.php +++ b/static/php/includes/Upload.class.php @@ -48,7 +48,8 @@ class Upload self::$FILE_NAME = $file['name']; self::$FILE_SIZE = $file['size']; self::$TEMP_FILE = $file['tmp_name']; - $result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE]; + self::$SHA1 = sha1_file(self::$TEMP_FILE); + $result[] = [self::$FILE_NAME, self::$FILE_SIZE, self::$TEMP_FILE, self::$SHA1]; } return $result; } @@ -71,13 +72,29 @@ class Upload public function uploadFile(): array { (new Settings())->loadConfig(); + (new Upload())->fileInfo(); - if (Settings::$ANTI_DUPE) { - (new Database())->antiDupe(); + if (Settings::$BLACKLIST_DB) { + (new Database())->checkFileBlacklist(); } - (new Upload())->generateName(); + if (Settings::$FILTER_MODE) { + self::checkMimeBlacklist(); + self::checkExtensionBlacklist(); + } + if (Settings::$ANTI_DUPE) { + $result = (new Database())->antiDupe(); + if (isset($result)) { + self::$NEW_NAME_FULL = $result; + } else { + (new Upload())->generateName(); + } + } + + if (!Settings::$ANTI_DUPE) { + (new Upload())->generateName(); + } if (!is_dir(Settings::$FILES_ROOT)) { throw new Exception('File storage path not accessible.', 500); @@ -107,46 +124,13 @@ class Upload ]; } - /** - * @throws Exception - */ - public function generateName(): string - { - (new Upload())->fileInfo(); - - do { - if (Settings::$FILES_RETRIES === 0) { - throw new Exception('Gave up trying to find an unused name!', 500); - } - - self::$NEW_NAME = ''; - for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) { - self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))]; - } - - if (isset(self::$FILE_EXTENSION) && self::$FILE_EXTENSION !== '') { - self::$NEW_NAME_FULL = self::$NEW_NAME . '.' . self::$FILE_EXTENSION; - } - - if (Settings::$BLACKLIST_DB) { - (new Database())->checkFileBlacklist(); - } - - if (Settings::$FILTER_MODE) { - self::checkMimeBlacklist(); - self::checkExtensionBlacklist(); - } - } while ((new Database())->dbCheckNameExists() > 0); - - return self::$NEW_NAME_FULL; - } - public function fileInfo() { if (isset($_FILES['files'])) { - self::$SHA1 = sha1_file(self::$TEMP_FILE); $finfo = finfo_open(FILEINFO_MIME_TYPE); self::$FILE_MIME = finfo_file($finfo, self::$TEMP_FILE); + $extension = explode('.', self::$FILE_NAME, 2); + self::$FILE_EXTENSION = $extension['1']; finfo_close($finfo); if (Settings::$LOG_IP) { @@ -154,14 +138,6 @@ class Upload } else { self::$IP = '0'; } - - foreach (Settings::$DOUBLE_DOTS as $DDOT) { - if (stripos(strrev(self::$FILE_NAME), $DDOT) === 0) { - self::$FILE_EXTENSION = strrev($DDOT); - } else { - self::$FILE_EXTENSION = pathinfo(self::$FILE_NAME, PATHINFO_EXTENSION); - } - } } } @@ -176,6 +152,9 @@ class Upload } /** + * Check if file extension is blacklisted + * if it does throw an exception. + * * @throws Exception */ public function checkExtensionBlacklist() @@ -184,4 +163,27 @@ class Upload throw new Exception('Filetype not allowed.', 415); } } -} + + /** + * @throws Exception + */ + public function generateName(): string + { + do { + if (Settings::$FILES_RETRIES === 0) { + throw new Exception('Gave up trying to find an unused name!', 500); + } + + self::$NEW_NAME = ''; + for ($i = 0; $i < Settings::$NAME_LENGTH; ++$i) { + self::$NEW_NAME .= Settings::$ID_CHARSET[mt_rand(0, strlen(Settings::$ID_CHARSET))]; + } + + if (isset(self::$FILE_EXTENSION)) { + self::$NEW_NAME_FULL = self::$NEW_NAME; + self::$NEW_NAME_FULL .= '.' . self::$FILE_EXTENSION; + } + } while ((new Database())->dbCheckNameExists() > 0); + return self::$NEW_NAME_FULL; + } +} \ No newline at end of file