X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/b1d3139a77a3d0cf02bb23ab94fbf2b2894ad7d9..4c21cfa0dcc77dd04d6880d2ad43eaa7311d999b:/static/php/upload.php diff --git a/static/php/upload.php b/static/php/upload.php index 879d68d..af49a1d 100644 --- a/static/php/upload.php +++ b/static/php/upload.php @@ -1,196 +1,41 @@ name, PATHINFO_EXTENSION); - //Get mime - $finfo = finfo_open(FILEINFO_MIME_TYPE); - $type_mime = finfo_file($finfo, $file->tempfile); - finfo_close($finfo); - - // Check if extension is a double-dot extension and, if true, override $ext - $revname = strrev($file->name); - foreach ($doubledots as $ddot) { - if (stripos($revname, $ddot) === 0) { - $ext = strrev($ddot); - } - } - - do { - // Iterate until we reach the maximum number of retries - if ($tries-- === 0) { - throw new Exception( - 'Gave up trying to find an unused name', - 500 - ); // HTTP status code "500 Internal Server Error" - } - - $chars = ID_CHARSET; - $name = ''; - for ($i = 0; $i < $length; ++$i) { - $name .= $chars[mt_rand(0, strlen($chars))]; - } - - // Add the extension to the file name - if (isset($ext) && $ext !== '') { - $name .= '.'.$ext; - } - - //Check if mime is blacklisted - if (in_array($type_mime, unserialize(CONFIG_BLOCKED_MIME))) { - throw new Exception('Extension type not allowed.'); - exit(0); - } - - //Check if EXT is blacklisted - if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) { - throw new Exception('Extension type not allowed.'); - exit(0); - } - - // Check if a file with the same name does already exist in the database - $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)'); - $q->bindValue(':name', $name, PDO::PARAM_STR); - $q->execute(); - $result = $q->fetchColumn(); - // If it does, generate a new name - } while ($result > 0); - - return $name; -} - -/** - * Handles the uploading and db entry for a file. +/* + * Uguu * - * @param UploadedFile $file + * @copyright Copyright (c) 2022 Go Johansson (nekunekus) * - * @return array - */ -function uploadFile($file) -{ - global $db; - global $FILTER_MODE; - global $FILTER_MIME; - - // Handle file errors - if ($file->error) { - throw new UploadException($file->error); - } - - // Generate a name for the file - $newname = generateName($file); - - // Store the file's full file path in memory - $uploadFile = UGUU_FILES_ROOT.$newname; - - // Attempt to move it to the static directory - if (!move_uploaded_file($file->tempfile, $uploadFile)) { - throw new Exception( - 'Failed to move file to destination', - 500 - ); // HTTP status code "500 Internal Server Error" - } - - // Need to change permissions for the new file to make it world readable - if (!chmod($uploadFile, 0644)) { - throw new Exception( - 'Failed to change file permissions', - 500 - ); // HTTP status code "500 Internal Server Error" - } - - // Add it to the database - $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date) VALUES (:hash, :orig, :name, :size, :date)'); - - // Common parameters binding - $q->bindValue(':hash', $file->getSha1(), PDO::PARAM_STR); - $q->bindValue(':orig', strip_tags($file->name), PDO::PARAM_STR); - $q->bindValue(':name', $newname, PDO::PARAM_STR); - $q->bindValue(':size', $file->size, PDO::PARAM_INT); - $q->bindValue(':date', time(), PDO::PARAM_INT); - $q->execute(); - - return [ - 'hash' => $file->getSha1(), - 'name' => $file->name, - 'url' => UGUU_URL.rawurlencode($newname), - 'size' => $file->size, - ]; -} - -/** - * Reorder files array by file. + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. * - * @return array - */ -function diverseArray($files) -{ - $result = []; - - foreach ($files as $key1 => $value1) { - foreach ($value1 as $key2 => $value2) { - $result[$key2][$key1] = $value2; - } - } - - return $result; -} - -/** - * Reorganize the $_FILES array into something saner. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. * - * @return array + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ -function refiles($files) -{ - $result = []; - $files = diverseArray($files); - foreach ($files as $file) { - $f = new UploadedFile(); - $f->name = $file['name']; - $f->mime = $file['type']; - $f->size = $file['size']; - $f->tempfile = $file['tmp_name']; - $f->error = $file['error']; - $result[] = $f; - } +require_once 'includes/Upload.class.php'; - return $result; -} - -$type = isset($_GET['output']) ? $_GET['output'] : 'json'; -$response = new Response($type); +$type = $_GET['output'] ?? 'json'; +$response = (new Core\Response($type)); if (isset($_FILES['files'])) { - $uploads = refiles($_FILES['files']); + $uploads = (new Upload())->reFiles($_FILES['files']); try { foreach ($uploads as $upload) { - $res[] = uploadFile($upload); + $res[] = (new Upload())->uploadFile(); + } + if (isset($res)) { + $response->send($res); } - $response->send($res); } catch (Exception $e) { $response->error($e->getCode(), $e->getMessage()); } } else { $response->error(400, 'No input file(s)'); -} +} \ No newline at end of file