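<?php
/**
 * @file
 * Upload handler for media files.
 *
 * Copyright 2013, Moxiecode Systems AB
 * Released under GPL License.
 *
 * License: http://www.plupload.com/license
 * Contributing: http://www.plupload.com/contributing
 *
 * Request contract, as read by this script:
 * - GET destination      : directory the file is written into (required).
 * - name (GET or POST)   : file name; falls back to $_FILES['file']['name'].
 * - chunk / chunks       : optional zero-based chunk index and chunk count.
 * - body                 : multipart field 'file', otherwise the raw request body.
 *
 * Every failure is reported as a JSON-RPC 2.0 error object via die() so the
 * client always receives parseable JSON; the numeric error codes are the ones
 * the original plupload handler uses and are reused unchanged below.
 */

// Only output real errors. We don't want warnings to break the JSON.
error_reporting(E_ERROR);

// HTTP headers for no cache & CORS etc.
// NOTE(review): the wildcard origin lets any site send (credential-less)
// uploads to this endpoint; narrow it to known origins if the surrounding
// application does not rely on cross-site uploads.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
// The body is always one of the constant JSON strings below and never echoes
// request data, so the text/html content type does not open an injection path.
header('Content-type: text/html;');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
header("Pragma: no-cache");

// 5 minutes execution time.
@set_time_limit(5 * 60);

require_once 'helper_base.php';

// Settings.
// The upload path is provided by the client and is therefore untrusted input.
// Kept as an exception (not a JSON error) for compatibility with the original.
if (!isset($_GET['destination']) || !is_string($_GET['destination'])) {
  throw new Exception('Bad request to upload.php script');
}
$targetDir = $_GET['destination'];
// Reject NUL bytes and any ".." path segment so the client cannot steer the
// write (and the mkdir below) outside the intended upload tree. This is a
// floor, not a ceiling: the destination should additionally be checked
// against a server-side base directory / allowlist
// (TODO: confirm which base directory the callers are configured with).
if ($targetDir === ''
    || strpos($targetDir, "\0") !== FALSE
    || preg_match('~(^|[/\\\\])\.\.([/\\\\]|$)~', $targetDir)) {
  throw new Exception('Bad request to upload.php script');
}

// Cleanup old .part upload files.
$cleanupTargetDir = TRUE;
// Max .part file age in seconds.
$maxFileAge = 5 * 3600;

// Create target dir.
if (!file_exists($targetDir)) {
  @mkdir($targetDir);
}
// is_dir() rather than file_exists(): a regular file at that path would
// otherwise pass here and only fail later when the .part file is opened.
if (!is_dir($targetDir)) {
  die('{"jsonrpc" : "2.0", "error" : {"code": 105, "message": "Failed to create upload directory."}, "id" : "id"}');
}

// Get a file name.
if (isset($_REQUEST["name"]) && is_string($_REQUEST["name"])) {
  $fileName = $_REQUEST["name"];
}
elseif (!empty($_FILES) && isset($_FILES["file"]["name"])) {
  $fileName = $_FILES["file"]["name"];
}
else {
  die('{"jsonrpc" : "2.0", "error" : {"code": 106, "message": "File has no name."}, "id" : "id"}');
}

// Clean the fileName for security reasons: keep only word characters, dots and
// underscores, which also removes every directory separator.
$fileName = preg_replace('/[^\w\._]+/', '', $fileName);
// A name that is empty, "." or ".." after cleaning would make the target path
// the directory itself; treat it like a missing name.
if ($fileName === '' || $fileName === '.' || $fileName === '..') {
  die('{"jsonrpc" : "2.0", "error" : {"code": 106, "message": "File has no name."}, "id" : "id"}');
}
// NOTE(review): names starting with a dot (e.g. ".htaccess") survive the
// regex above; confirm helper_base::checkUploadFileType() rejects them.
if (!helper_base::checkUploadFileType($fileName)) {
  die('{"jsonrpc" : "2.0", "error" : {"code": 108, "message": "File type not allowed."}, "id" : "id"}');
}

// Chunking might be enabled. Negative values are clamped so a crafted index
// cannot satisfy the "last chunk" test below by accident.
$chunk = isset($_REQUEST["chunk"]) ? max(0, intval($_REQUEST["chunk"])) : 0;
$chunks = isset($_REQUEST["chunks"]) ? max(0, intval($_REQUEST["chunks"])) : 0;

$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
$partPath = "{$filePath}.part";

// Remove old temp files.
if ($cleanupTargetDir) {
  if (!is_dir($targetDir) || !$dirHandle = opendir($targetDir)) {
    die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
  }
  $cutoff = time() - $maxFileAge;
  while (($entry = readdir($dirHandle)) !== FALSE) {
    $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $entry;
    // If .part file is current file proceed to the next.
    if ($tmpfilePath === $partPath) {
      continue;
    }
    // Remove .part file if it is older than the max age.
    if (preg_match('/\.part$/', $entry) && (filemtime($tmpfilePath) < $cutoff)) {
      @unlink($tmpfilePath);
    }
  }
  closedir($dirHandle);
}

// Open .part file for output. A non-chunked upload or the first chunk
// truncates any stale .part file left by an aborted earlier upload of the same
// name (appending to it would silently corrupt the result); later chunks append.
$out = @fopen($partPath, ($chunks && $chunk > 0) ? "ab" : "wb");
if (!$out) {
  die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}

if (!empty($_FILES)) {
  // is_uploaded_file() guards against a tmp_name that does not come from this
  // request's multipart upload.
  if (!isset($_FILES["file"]) || $_FILES["file"]["error"] || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
    die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
  }
  // Read binary input stream and append it to .part file.
  $in = @fopen($_FILES["file"]["tmp_name"], "rb");
  if (!$in) {
    die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  }
}
else {
  $in = @fopen("php://input", "rb");
  if (!$in) {
    die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  }
}

// fread() returns '' at EOF and FALSE on error; compare explicitly, because a
// one-byte chunk containing "0" is falsy and a truthiness test would drop it.
while (($buff = fread($in, 4096)) !== FALSE && $buff !== '') {
  // A failed write would otherwise leave a truncated file that passes the
  // checks below and is reported as a success.
  if (fwrite($out, $buff) === FALSE) {
    @fclose($out);
    @fclose($in);
    @unlink($partPath);
    die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
  }
}

@fclose($out);
@fclose($in);

// Test file size after each chunk in case hacker has
// circumvented client-side check to send something huge.
clearstatcache();
// Shape expected by helper_base::checkUploadSize(): 'size' and 'error' keys.
$uploadInfo = ['size' => filesize($partPath), 'error' => ''];
if (!helper_base::checkUploadSize($uploadInfo)) {
  // An upload size fail probably means the limit in moxie.js for not resizing
  // huge images has been hit.
  unlink($partPath);
  die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "Uploaded file too big. Please resize the file and try again."}, "id" : "id"}');
}

// Check if file has been uploaded (non-chunked, or this was the last chunk).
if (!$chunks || $chunk === $chunks - 1) {
  // Content-based check on the assembled file, independent of the name.
  if (!helper_base::checkUploadMimeType($partPath)) {
    // If the file is not a valid image, then delete it.
    unlink($partPath);
    die('{"jsonrpc" : "2.0", "error" : {"code": 107, "message": "File Mime type not allowed."}, "id" : "id"}');
  }
  // File appears to be valid.
  // Strip the temp .part suffix off; a failed rename must not be reported as
  // success, otherwise the client believes a file exists that does not.
  if (!@rename($partPath, $filePath)) {
    die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
  }
}

// Return JSON-RPC success response.
echo '{"jsonrpc" : "2.0", "result" : null, "id" : "id"}';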