X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/853b768036607f56e7d8fded94d83923df8ae053..8c54a1f3497253b64480417914e871713536e185:/README.md diff --git a/README.md b/README.md index d9ae401..0a59c60 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Uguu +# What is Uguu? -Uguu is a simple temporary file uploading and sharing platform where files get deleted after 24 hours. +Uguu is a simple temporary file uploading and sharing platform where files get deleted after X amount of time. ## Features @@ -20,8 +20,8 @@ See the real world example at [uguu.se](https://uguu.se). ## Requirements -Original development environment is Nginx + PHP7.3 + SQLite, but is confirmed to -work with Apache 2.4 and newer PHP versions. +Original development environment is Nginx + PHP5.3 + SQLite, but is confirmed to +work with Apache 2.4 and newer PHP versions like PHP7.3. ## Install @@ -56,7 +56,12 @@ file size, are found in `dist.json`. Changes made here will only take effect after rebuilding the site pages. This may be done by running `make` from the root of the site directory. -Back-end related settings, such as database configuration, and path for uploaded files, are found in `static/php/includes/settings.inc.php`. Changes made here take effect immediately. +Back-end related settings, such as database configuration, and path for uploaded files, are found in `static/php/includes/settings.inc.php`. Changes made here take effect immediately. Change the following settings: +```php +define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3'); +define('UGUU_FILES_ROOT', '/path/to/file/'); +define('UGUU_URL', 'https://subdomainforyourfiles.your.site'); +``` If you intend to allow uploading files larger than 2 MB, you may also need to increase POST size limits in `php.ini` and webserver configuration. For PHP, @@ -78,6 +83,16 @@ Then add them to your crontab: These scripts check if DB entries and files are older then 24 hours and if they are deletes them. +## MIME/EXT Blocking + +Blocking certain filetypes from being uploaded can be changed by editing the following settings in `static/php/includes/settings.inc.php`: +```php +define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml'])); +define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary'])); +``` + +By default the most common malicious filetypes are blocked. + ## Using SQLite as DB engine We need to create the SQLite database before it may be used by uguu. @@ -101,15 +116,15 @@ define('UGUU_DB_PASS', '[stuff]'); ---> define('UGUU_DB_PASS', null); *NOTE: The directory where the SQLite database is stored, must be writable by the web server user* -### Apache - -If you are running Apache and want to compress your output when serving files, -add to your `.htaccess` file: +## Nginx/Apache - AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/x-javascript application/json +I won't cover settings everything up, however do NOT allow PHP scripts to be executed on your subdomain serving the files or someone will just upload a PHP shell and PwN you. -Remember to enable `deflate_module` and `filter_module` modules in your Apache -configuration file. +## API +To upload using curl or make a tool you can post using: +``` +curl -i -F files[]=@yourfile.jpeg https://uguu.se/upload.php (JSON Response) +``` ## Getting help