Initial import
authorAntonio Ospite <ao2@ao2.it>
Wed, 31 May 2017 11:55:23 +0000 (13:55 +0200)
committerAntonio Ospite <ao2@ao2.it>
Wed, 31 May 2017 14:01:01 +0000 (16:01 +0200)
.gitignore [new file with mode: 0644]
NOTES.txt [new file with mode: 0644]
composer.json [new file with mode: 0644]
index.php [new file with mode: 0644]

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..ca0a6d8
--- /dev/null
@@ -0,0 +1,3 @@
+.htaccess
+.htpasswd
+incoming/
diff --git a/NOTES.txt b/NOTES.txt
new file mode 100644 (file)
index 0000000..ed49962
--- /dev/null
+++ b/NOTES.txt
@@ -0,0 +1,13 @@
+Make sure that the web server can write to the incoming/ dir:
+
+  sudo chgrp www-data incoming/
+  sudo chmod 775 incoming/
+
+Add some access control to the directory:
+
+  echo "AuthType Basic" >> .htaccess
+  echo "AuthName \"Upload\"" >> .htaccess
+  echo "AuthUserFile \"$PWD/.htpasswd\"" >> .htaccess
+  echo "Require valid-user" >> .htaccess
+  htpasswd .htpasswd upload
+
diff --git a/composer.json b/composer.json
new file mode 100644 (file)
index 0000000..b8022ac
--- /dev/null
@@ -0,0 +1,5 @@
+{
+    "require": {
+        "siriusphp/upload": "^2.1"
+    }
+}
diff --git a/index.php b/index.php
new file mode 100644 (file)
index 0000000..4353ede
--- /dev/null
+++ b/index.php
@@ -0,0 +1,86 @@
+<?php
+/**
+ * @file
+ * php-simple-upload - simple upload page.
+ *
+ * Copyright (C) 2017  Antonio Ospite <ao2@ao2.it>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+require __DIR__ . '/vendor/autoload.php';
+
+use Sirius\Upload\Handler as UploadHandler;
+
+// Path relative to the script dir.
+const INCOMING_DIR = 'incoming/';
+
+const MAX_FILE_SIZE = '1G';
+
+const ALLOWED_EXTENSIONS = [
+  'avi',
+  'bz2',
+  'gz',
+  'htm',
+  'html',
+  'jpg',
+  'mp3',
+  'mpg',
+  'php',
+  'png',
+  'rar',
+  'txt',
+  'zip',
+];
+
+if (isset($_POST['task']) && $_POST['task'] == "upload") {
+  $uploadHandler = new UploadHandler(INCOMING_DIR);
+
+  $uploadHandler->addRule('extension', ['allowed' => ALLOWED_EXTENSIONS], '{label} invalid file type', 'File');
+  $uploadHandler->addRule('size', ['max' => MAX_FILE_SIZE], '{label} should be less than {max}', 'File');
+
+  $result = $uploadHandler->process($_FILES);
+  if ($result->isValid()) {
+    try {
+      $result->confirm();
+    }
+    catch (\Exception $e) {
+      $result->clear();
+      throw $e;
+    }
+  }
+  else {
+    echo "<pre>{$result->getMessages()}</pre>";
+  }
+}
+
+$iframe_parent_request_url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . INCOMING_DIR;
+
+// Avoid iframe recursion.
+if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == $iframe_parent_request_url) {
+  echo "Iframe recursion detected, use the BACK button in the browser";
+  return;
+}
+?>
+
+<h1>Upload</h1>
+<form method="POST" enctype="multipart/form-data">
+  <input type="file" name="filefield[]" multiple="true"/>
+  <input type="hidden" name="task" value="upload"/>
+  <input type="submit" value="Upload File"/>
+</form>
+
+<iframe sandbox src="<?php echo INCOMING_DIR; ?>" height="100%" width="100%" frameborder="0">
+  Your browser does not support iframes <a href="<?php echo INCOMING_DIR; ?>">click here to view the page directly.</a>
+</iframe>
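Review bot: `ALLOWED_EXTENSIONS` includes `php`, `htm` and `html`, and accepted files are stored in `incoming/`, the same directory the page serves back through the iframe. If the web server applies its PHP handler there (its configuration is not visible in this commit), any account that can upload can have its own code run by the server, and HTML uploads are served from the same origin as the upload page. I would drop those three entries from the list, and either keep `incoming/` outside the document root or turn script handling off for it in the server configuration that NOTES.txt describes. Separately, in the `else` branch, `echo "<pre>{$result->getMessages()}</pre>";` interpolates the return value directly; if that is an array, as the name suggests, it prints `Array`, so the messages should be joined and passed through `htmlspecialchars()` before output.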