changes
authorGo Johansson <redacted>
Fri, 21 Jan 2022 19:58:25 +0000 (20:58 +0100)
committerGo Johansson <redacted>
Fri, 21 Jan 2022 19:58:25 +0000 (20:58 +0100)
13 files changed:
.idea/.gitignore [new file with mode: 0644]
.idea/Uguu.iml [new file with mode: 0644]
.idea/copyright/neku.xml [new file with mode: 0644]
.idea/copyright/profiles_settings.xml [new file with mode: 0644]
.idea/modules.xml [new file with mode: 0644]
.idea/vcs.xml [new file with mode: 0644]
dist.json
static/php/classes/Core.php [new file with mode: 0644]
static/php/classes/Database.class.php [new file with mode: 0644]
static/php/classes/Upload.php [new file with mode: 0644]
static/php/classes/errorReport.php [new file with mode: 0644]
static/php/includes/database.inc.php [deleted file]
static/php/includes/settings.inc.php [deleted file]

diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644 (file)
index 0000000..13566b8
--- /dev/null
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/Uguu.iml b/.idea/Uguu.iml
new file mode 100644 (file)
index 0000000..c956989
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/copyright/neku.xml b/.idea/copyright/neku.xml
new file mode 100644 (file)
index 0000000..a3708a3
--- /dev/null
@@ -0,0 +1,6 @@
+<component name="CopyrightManager">
+  <copyright>
+    <option name="notice" value="Uguu&#10;&#10;@copyright Copyright (c) &amp;#36;today.year Go Johansson (nekunekus) &lt;neku@pomf.se&gt; &lt;github.com/nokonoko&gt;&#10;&#10;This program is free software: you can redistribute it and/or modify&#10;it under the terms of the GNU General Public License as published by&#10;the Free Software Foundation, either version 3 of the License, or&#10;(at your option) any later version.&#10;&#10;This program is distributed in the hope that it will be useful,&#10;but WITHOUT ANY WARRANTY; without even the implied warranty of&#10;MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the&#10;GNU General Public License for more details.&#10;&#10;You should have received a copy of the GNU General Public License&#10;along with this program.  If not, see &lt;https://www.gnu.org/licenses/&gt;." />
+    <option name="myName" value="neku" />
+  </copyright>
+</component>
\ No newline at end of file
diff --git a/.idea/copyright/profiles_settings.xml b/.idea/copyright/profiles_settings.xml
new file mode 100644 (file)
index 0000000..bb47296
--- /dev/null
@@ -0,0 +1,3 @@
+<component name="CopyrightManager">
+  <settings default="neku" />
+</component>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644 (file)
index 0000000..e0cbf93
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/Uguu.iml" filepath="$PROJECT_DIR$/.idea/Uguu.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644 (file)
index 0000000..94a25f7
--- /dev/null
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
index 5a8dd91cd317c9416803cd802ba7bc6dff94efd3..9d07f6577a0b9152f2d4dec37cd52e3e7dd71796 100644 (file)
--- a/dist.json
+++ b/dist.json
        "ToolsDesc": "The following tools might need editing to work on this clone of Uguu, usually editing the URL works.",
        "paypalUrl": "",
        "bitcoinAddress": "",
-       "flattrUrl": ""
+       "flattrUrl": "",
+
+       "DB_MODE": "sqlite",
+       "DB_CONN": "/path/to/db/uguu.sq3",
+       "DB_USER": "NULL",
+       "DB_PASS": "NULL",
+       "LOG_IP": false,
+       "ANTI_DUPE": false,
+       "BLACKLIST_DB": true,
+       "FILTER_MODE": true,
+       "FILES_ROOT": "/path/files",
+       "FILES_RETRIES": 15,
+       "SSL": true,
+       "URL": "a.uguu.se",
+       "ID_CHARSET": "abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ",
+       "BLOCKED_EXTENSIONS": [
+               "exe",
+               "scr",
+               "com",
+               "vbs",
+               "bat",
+               "cmd",
+               "htm",
+               "html",
+               "jar",
+               "msi",
+               "apk",
+               "phtml",
+               "svg"
+       ],
+       "BLOCKED_MIME": [
+               "application/msword",
+               "text/html",
+               "application/x-dosexec",
+               "application/java",
+               "application/java-archive",
+               "application/x-executable",
+               "application/x-mach-binary",
+               "image/svg+xml" 
+       ],
+       "DOUBLE_DOTS": [
+               "tar.gz",
+               "tar.cp"
+       ]
 }
\ No newline at end of file
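Review bot: The keys added here do not match what the new `Core\Settings::__constructSettings()` reads: it looks up `DB_PATH` and `NAME_LENGTH`, while this file defines `DB_CONN` and no name length at all, so both properties end up null and the name loop in `Upload::generateName()` would produce an empty name. I would add `"DB_PATH": "/path/to/db/uguu.sq3",` and `"NAME_LENGTH": 8,` (8 being the value of the removed `UGUU_FILES_LENGTH`) or settle on one key name across both classes. `DOUBLE_DOTS` also drops `tar.bz`, `tar.bz2`, `tar.xz` and `user.js` from the removed `$doubledots` list and adds `tar.cp`, which looks like a typo. Separately, `BLOCKED_EXTENSIONS` carries `phtml` but no `php` entry; that is only safe if the host serving `FILES_ROOT` never executes scripts, which is worth confirming or documenting next to the list.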
diff --git a/static/php/classes/Core.php b/static/php/classes/Core.php
new file mode 100644 (file)
index 0000000..e33df09
--- /dev/null
@@ -0,0 +1,83 @@
+<?php
+/*
+ * Uguu
+ *
+ * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace Core {
+
+    /**
+     * @property mixed $DB_CONN
+     */
+    class Settings
+    {
+
+        public $DB_MODE;
+        public $DB_PATH;
+        public $DB_USER;
+        public $DB_PASS;
+
+        public $LOG_IP;
+        public $ANTI_DUPE;
+        public $BLACKLIST_DB;
+        public $FILTER_MODE;
+
+        public $FILES_ROOT;
+        public $FILES_RETRIES;
+
+        public $SSL;
+        public $URL;
+
+        public $NAME_LENGTH;
+        public $ID_CHARSET;
+        public $BLOCKED_EXTENSIONS;
+        public $BLOCKED_MIME;
+        public $DOUBLE_DOTS;
+
+        public function __constructSettings()
+        {
+            $settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
+            $this->DB_MODE = $settings_array['DB_MODE'];
+            $this->DB_PATH = $settings_array['DB_PATH'];
+            $this->DB_USER = $settings_array['DB_USER'];
+            $this->DB_PASS = $settings_array['DB_PASS'];
+            $this->LOG_IP = $settings_array['LOG_IP'];
+            $this->ANTI_DUPE = $settings_array['ANTI_DUPE'];
+            $this->BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
+            $this->FILTER_MODE = $settings_array['FILTER_MODE'];
+            $this->FILES_ROOT = $settings_array['FILES_ROOT'];
+            $this->FILES_RETRIES = $settings_array['FILES_RETRIES'];
+            $this->SSL = $settings_array['SSL'];
+            $this->URL = $settings_array['URL'];
+            $this->NAME_LENGTH = $settings_array['NAME_LENGTH'];
+            $this->ID_CHARSET = $settings_array['ID_CHARSET'];
+            $this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
+            $this->BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
+            $this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
+        }
+    }
+
+    class Database extends Settings
+    {
+        public $DB;
+
+        public function __constructDB()
+        {
+            $this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS);
+        }
+    }
+}
\ No newline at end of file
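Review bot: `__constructSettings()` loads its configuration from `/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json`, a path that exists only on the author's machine, and neither `file_get_contents()` nor `json_decode()` is checked. On any other host every setting becomes null, including `FILTER_MODE` and `BLACKLIST_DB`, which `Upload::generateName()` tests before running its checks, so the upload filters fail open. I would resolve the path relative to the file and fail loudly, e.g. `$raw = file_get_contents(__DIR__ . '/../../../dist.json');` followed by `$settings_array = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);`, and the committed path should be removed from history if the directory layout is considered private. Note also that PHP only calls a method named `__construct`, so `__constructSettings()` and `__constructDB()` never run on instantiation. Inside `namespace Core`, `new PDO(...)` resolves to `Core\PDO`, so it needs to be `new \PDO(...)`.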
diff --git a/static/php/classes/Database.class.php b/static/php/classes/Database.class.php
new file mode 100644 (file)
index 0000000..7530c82
--- /dev/null
@@ -0,0 +1,30 @@
+<?php
+/*
+ * Uguu
+ *
+ * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+require_once 'Settings.class.php';
+
+class Database extends Settings
+{
+public $db;
+    public function __construct()
+    {
+        $this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);
+    }
+}
\ No newline at end of file
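Review bot: The constructor hands `$this->DB_CONN`, `$this->DB_USER` and `$this->DB_PASS` to PDO, but nothing visible in this commit populates them. No parent constructor is called, and the only loader shown, `Core\Settings::__constructSettings()`, is in another namespace and sets `DB_PATH` rather than `DB_CONN`. `Settings.class.php` is required here but is not among the files this commit adds, so unless it already exists in the repository the include fails; this class also duplicates `Core\Database` from Core.php, and one of the two should go. Once the settings are loaded I would pass an explicit error mode, `new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);`, so that a failed blacklist query raises instead of returning a falsy result that the caller reads as "not blacklisted".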
diff --git a/static/php/classes/Upload.php b/static/php/classes/Upload.php
new file mode 100644 (file)
index 0000000..9a9c2ac
--- /dev/null
@@ -0,0 +1,133 @@
+<?php
+/*
+ * Uguu
+ *
+ * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+require_once 'Database.class.php';
+
+class Upload extends Database, errorReport
+{
+    public $FILE_NAME;
+    public $FILE_EXTENSION;
+    public $FILE_MIME;
+
+    public $NEW_NAME;
+    public $NEW_NAME_FULL;
+
+    public function fileInfo ($file)
+    {
+        if (isset($_FILES['files'])) {
+            $this->FILE_NAME = '';
+            $this->FILE_NAME = $file->name;
+            $finfo = finfo_open(FILEINFO_MIME_TYPE);
+            $this->FILE_MIME = finfo_file($finfo, $file->tempfile);
+            finfo_close($finfo);
+
+            // Check if extension is a double-dot extension and, if true, override $ext
+            foreach ($this->DOUBLE_DOTS as $ddot) {
+                if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
+                    $this->FILE_EXTENSION = strrev($ddot);
+                } else {
+                    $this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
+                }
+            }
+        }
+    }
+
+public function checkFileBlacklist ($hash){
+    $q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
+    $q->bindValue(':hash', $hash, PDO::PARAM_STR);
+    $q->execute();
+    $result = $q->fetch();
+    if ($result['count'] > 0) {
+        http_response_code(415);
+        throw new Exception(
+            'File blacklisted!',
+            415
+        );
+        exit(0);
+    }
+}
+
+public function checkExtensionBlacklist($ext){
+    //Check if EXT is blacklisted
+    if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+        http_response_code(415);
+        throw new Exception(
+            'File type not allowed!',
+            415
+        );
+        exit(0);
+    }
+}
+
+public function checkMimeBlacklist($mime){
+    //check if MIME is blacklisted
+    if (in_array($mime, unserialize($this->BLOCKED_MIME))) {
+        http_response_code(415);
+        throw new Exception(
+            'File type not allowed!',
+            415
+        );
+        exit(0);
+    }
+}
+
+    public function generateName($file)
+    {
+        $this->fileInfo($file);
+        $error = new
+        do {
+            // Iterate until we reach the maximum number of retries
+            if ($this->FILES_RETRIES-- === 0) {
+                $error->throwError('500', 'Gave up trying to find an unused name', true);
+            }
+
+
+
+
+            for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
+                $this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))];
+            }
+
+            // Add the extension to the file name
+            if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
+                $this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION;
+            }
+
+            // Check if the file hash is blacklisted
+            if($this->BLACKLIST_DB){
+                $this->checkFileBlacklist($file->getSha1());
+            }
+
+            // Check if extension or mime is blacklisted
+            if($this->FILTER_MODE) {
+                $this->checkMimeBlacklist($this->FILE_MIME);
+                $this->checkExtensionBlacklist($this->FILE_EXTENSION);
+            }
+
+            // Check if a file with the same name does already exist in the database
+            $q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
+            $q->bindValue(':name', $name, PDO::PARAM_STR);
+            $q->execute();
+            $result = $q->fetchColumn();
+            // If it does, generate a new name
+        } while ($result > 0);
+
+        return $name;
+    }
+}
\ No newline at end of file
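Review bot: `checkExtensionBlacklist()` and `checkMimeBlacklist()` still wrap their lists in `unserialize()`, but `CONFIG_BLOCKED_EXTENSIONS` is deleted by this commit and `BLOCKED_MIME` now arrives as a decoded JSON array, so depending on the PHP version both checks either throw or never match; the extension comparison is also case-sensitive and non-strict. In `generateName()`, `mt_rand(0, strlen($this->ID_CHARSET))` has an inclusive upper bound and can index one past the end of the charset, and `mt_rand` is not a CSPRNG, which matters if the random name is what keeps upload URLs unguessable; `NEW_NAME` is never reset between retries, and `$db`, `$name` and the dangling `$error = new` are undefined or incomplete. The file cannot parse as written, because PHP has no multiple inheritance and `extends Database, errorReport` must name a single parent; the `exit(0)` after each `throw` is unreachable. The fence shows the filter and name-generation lines as I would write them, assuming the configured lists stay lower-case as in dist.json. The double-dot loop in `fileInfo()` needs its own fix, since it compares the reversed filename against un-reversed entries and lets the last entry overwrite an earlier match.

```php
public function checkExtensionBlacklist($ext)
{
    // BLOCKED_EXTENSIONS is already an array after json_decode(); compare case-insensitively
    if (in_array(strtolower((string) $ext), $this->BLOCKED_EXTENSIONS, true)) {
        http_response_code(415);
        throw new Exception('File type not allowed!', 415);
    }
}

public function checkMimeBlacklist($mime)
{
    if (in_array((string) $mime, $this->BLOCKED_MIME, true)) {
        http_response_code(415);
        throw new Exception('File type not allowed!', 415);
    }
}

// … unchanged: generateName() signature, fileInfo() call, retry-limit check …
            // Start each attempt from an empty name and draw indices from a CSPRNG
            $this->NEW_NAME = '';
            $lastIndex = strlen($this->ID_CHARSET) - 1;
            for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
                $this->NEW_NAME .= $this->ID_CHARSET[random_int(0, $lastIndex)];
            }
// … unchanged: extension append, blacklist checks, uniqueness query …
```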
diff --git a/static/php/classes/errorReport.php b/static/php/classes/errorReport.php
new file mode 100644 (file)
index 0000000..3660da1
--- /dev/null
@@ -0,0 +1,24 @@
+<?php
+/*
+ * Uguu
+ *
+ * @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+class errorReport
+{
+
+}
\ No newline at end of file
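Review bot: `errorReport` is committed as an empty class, yet `Upload::generateName()` in this same commit calls `$error->throwError('500', 'Gave up trying to find an unused name', true)`, so reaching the retry limit would end in an undefined-method error rather than a controlled 500 response. A `throwError()` method accepting those three arguments needs to land with this class, with a docblock stating what the third argument controls, since that cannot be told from the call site. The class name would also read more conventionally as `ErrorReport`.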
diff --git a/static/php/includes/database.inc.php b/static/php/includes/database.inc.php
deleted file mode 100644 (file)
index d845f5c..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-require_once 'settings.inc.php';
-
-/* NOTE: we don't have to unref the PDO because we're not long-running */
-$db = new PDO(UGUU_DB_CONN, UGUU_DB_USER, UGUU_DB_PASS);
diff --git a/static/php/includes/settings.inc.php b/static/php/includes/settings.inc.php
deleted file mode 100644 (file)
index d378931..0000000
+++ /dev/null
@@ -1,112 +0,0 @@
-<?php
-
-/**
- * User configurable settings for Uguu.
- */
-
-/*
- * PDO connection socket
- *
- * Database connection to use for communication. Currently, MySQL is the only
- * DSN prefix supported.
- *
- * @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
- * PDO_MYSQL DSN.
- * @param string UGUU_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
- */
-define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
-
-/*
- * PDO database login credentials
- */
-
-/* @param string UGUU_DB_NAME Database username */
-define('UGUU_DB_USER', 'NULL');
-/* @param string UGUU_DB_PASS Database password */
-define('UGUU_DB_PASS', 'NULL');
-
-/** 
- * @param boolean Log IP of uploads 
- */
-define('LOG_IP', false);
-
-/** 
- * @param boolean anti-dupe
- */
-define('ANTI_DUPE', false);
-
-/** 
- * @param boolean blacklist DB
- * ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA!
- */
-define('BLACKLIST_DB', false);
-
-/*
- * File system location where to store uploaded files
- *
- * @param string Path to directory with trailing delimiter
- */
-define('UGUU_FILES_ROOT', '/path/to/file/');
-
-/*
- * Maximum number of iterations while generating a new filename
- *
- * Uguu uses an algorithm to generate random filenames. Sometimes a file may
- * exist under a randomly generated filename, so we count tries and keep trying.
- * If this value is exceeded, we give up trying to generate a new filename.
- *
- * @param int UGUU_FILES_RETRIES Number of attempts to retry
- */
-define('UGUU_FILES_RETRIES', 15);
-
-/*
- * The length of generated filename (without file extension)
- *
- * @param int UGUU_FILES_LENGTH Number of random alphabetical ASCII characters
- * to use
- */
-define('UGUU_FILES_LENGTH', 8);
-
-/*
- * URI to prepend to links for uploaded files
- *
- * @param string UGUU_URL URI with trailing delimiter
- */
-define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com/');
-
-/*
- * URI for filename generation
- *
- * @param string characters to be used in generateName()
- */
-define('ID_CHARSET', 'abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ');
-
-/*
- * Filtered mime types
- */
-define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml', 'svg']));
-define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
-
-/**
- * Whitelist or blacklist mode
- * @param boolean blacklist (false) | whitelist (true)
- */
-define('CONFIG_FILTER_MODE', false);
-
-/**
- * Double dot file extensions.
- *
- * Uguu keeps the last file extension for the uploaded file. In other words, an
- * uploaded file with `.tar.gz` extension will be given a random filename which
- * ends in `.gz` unless configured here to ignore discards for `.tar.gz`.
- *
- * @param string[] $doubledots Array of double dot file extensions strings
- *                             without the first prefixing dot
- */
-$doubledots = array_map('strrev', [
-    'tar.gz',
-    'tar.bz',
-    'tar.bz2',
-    'tar.xz',
-    'user.js',
-]);