From: Antonio Ospite <ao2@ao2.it>
Date: Wed, 31 May 2017 11:55:23 +0000 (+0200)
Subject: Initial import
X-Git-Url: https://git.ao2.it/experiments/php-simple-upload.git/commitdiff_plain/153c41fc01027d97902f7aefcb5018a32cdb2c77?ds=sidebyside
Initial import
---
153c41fc01027d97902f7aefcb5018a32cdb2c77
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ca0a6d8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.htaccess
+.htpasswd
+incoming/
diff --git a/NOTES.txt b/NOTES.txt
new file mode 100644
index 0000000..ed49962
--- /dev/null
+++ b/NOTES.txt
@@ -0,0 +1,13 @@
+Make sure that the web server can write to the incoming/ dir:
+
+ sudo chgrp www-data incoming/
+ sudo chmod 775 incoming/
+
+Add some access control to the directory:
+
+ echo "AuthType Basic" >> .htaccess
+ echo "AuthName \"Upload\"" >> .htaccess
+ echo "AuthUserFile \"$PWD/.htpasswd\"" >> .htaccess
+ echo "Require valid-user" >> .htaccess
+ htpasswd .htpasswd upload
+
diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..b8022ac
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,5 @@
+{
+ "require": {
+ "siriusphp/upload": "^2.1"
+ }
+}
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..4353ede
--- /dev/null
+++ b/index.php
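Review bot: The requirement `"siriusphp/upload": "^2.1"` is added without a `composer.lock`, so each `composer install` resolves whichever 2.x release is newest at that moment rather than the version this code was written and tested against. Committing `composer.lock` alongside `composer.json` pins the dependency tree and makes the deployment reproducible and auditable.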
@@ -0,0 +1,86 @@
+<?php
+/**
+ * @file
+ * php-simple-upload - simple upload page.
+ *
+ * Copyright (C) 2017 Antonio Ospite <ao2@ao2.it>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+require __DIR__ . '/vendor/autoload.php';
+
+use Sirius\Upload\Handler as UploadHandler;
+
+// Path relative to the script dir.
+const INCOMING_DIR = 'incoming/';
+
+const MAX_FILE_SIZE = '1G';
+
+const ALLOWED_EXTENSIONS = [
+ 'avi',
+ 'bz2',
+ 'gz',
+ 'htm',
+ 'html',
+ 'jpg',
+ 'mp3',
+ 'mpg',
+ 'php',
+ 'png',
+ 'rar',
+ 'txt',
+ 'zip',
+];
+
+if (isset($_POST['task']) && $_POST['task'] == "upload") {
+ $uploadHandler = new UploadHandler(INCOMING_DIR);
+
+ $uploadHandler->addRule('extension', ['allowed' => ALLOWED_EXTENSIONS], '{label} invalid file type', 'File');
+ $uploadHandler->addRule('size', ['max' => MAX_FILE_SIZE], '{label} should be less than {max}', 'File');
+
+ $result = $uploadHandler->process($_FILES);
+ if ($result->isValid()) {
+ try {
+ $result->confirm();
+ }
+ catch (\Exception $e) {
+ $result->clear();
+ throw $e;
+ }
+ }
+ else {
+ echo "<pre>{$result->getMessages()}</pre>";
+ }
+}
+
+$iframe_parent_request_url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . INCOMING_DIR;
+
+// Avoid iframe recursion.
+if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == $iframe_parent_request_url) {
+ echo "Iframe recursion detected, use the BACK button in the browser";
+ return;
+}
+?>
+
+<h1>Upload</h1>
+<form method="POST" enctype="multipart/form-data">
+ <input type="file" name="filefield[]" multiple="true"/>
+ <input type="hidden" name="task" value="upload"/>
+ <input type="submit" value="Upload File"/>
+</form>
+
+<iframe sandbox src="<?php echo INCOMING_DIR; ?>" height="100%" width="100%" frameborder="0">
+ Your browser does not support iframes <a href="<?php echo INCOMING_DIR; ?>">click here to view the page directly.</a>
+</iframe>
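Review bot: `ALLOWED_EXTENSIONS` admits `php`, `htm` and `html` while uploads are written to `INCOMING_DIR`, a directory the same web server serves directly (the iframe at the bottom loads it over HTTP), so any account that passes the basic auth from NOTES.txt can place server-executed or browser-rendered content on the site; drop those three entries, and additionally disable script handling for that directory (for example `php_flag engine off` in an `incoming/.htaccess`, where mod_php honours it) so the extension list is not the only barrier. The form carries no CSRF token: with HTTP basic auth the browser attaches credentials automatically, so a cross-origin POST with `task=upload` would be accepted, and a per-session token checked at the `$_POST['task']` test closes that (sketched below, together with `===` instead of `==` for the string compare). `echo "<pre>{$result->getMessages()}</pre>"` interpolates what presumably is an array (Sirius' `Result::getMessages()` returns one, as far as I recall), which would print `Array` instead of the messages, and whatever it prints should pass through `htmlspecialchars()` before being echoed. `$_SERVER['REQUEST_SCHEME']` is not populated by every server/SAPI, so the recursion-guard URL may raise a notice and never match; `$_SERVER['HTTPS']` with a fallback is the more portable source.
```php
// … unchanged: licence header, require, use, INCOMING_DIR, MAX_FILE_SIZE …

// Server-executed and browser-rendered types removed: incoming/ is served by the web server.
const ALLOWED_EXTENSIONS = [
    'avi', 'bz2', 'gz', 'jpg', 'mp3', 'mpg', 'png', 'rar', 'txt', 'zip',
];

session_start();
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

if (isset($_POST['task']) && $_POST['task'] === 'upload') {
    // Basic-auth credentials are sent automatically, so the POST must also prove it came from this page.
    if (!isset($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token'])) {
        http_response_code(403);
        exit('Invalid request token');
    }
    // … unchanged: UploadHandler setup, process(), confirm()/clear() …
}
// … unchanged: iframe recursion check, <form> opening …
    <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>"/>
```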