From 153c41fc01027d97902f7aefcb5018a32cdb2c77 Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Wed, 31 May 2017 13:55:23 +0200 Subject: [PATCH 1/1] Initial import --- .gitignore | 3 +++ NOTES.txt | 13 +++++++++ composer.json | 5 ++++ index.php | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 107 insertions(+) create mode 100644 .gitignore create mode 100644 NOTES.txt create mode 100644 composer.json create mode 100644 index.php diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ca0a6d8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.htaccess +.htpasswd +incoming/ diff --git a/NOTES.txt b/NOTES.txt new file mode 100644 index 0000000..ed49962 --- /dev/null +++ b/NOTES.txt @@ -0,0 +1,13 @@ +Make sure that the web server can write to the incoming/ dir: + + sudo chgrp www-data incoming/ + sudo chmod 775 incoming/ + +Add some access control to the directory: + + echo "AuthType Basic" >> .htaccess + echo "AuthName \"Upload\"" >> .htaccess + echo "AuthUserFile \"$PWD/.htpasswd\"" >> .htaccess + echo "Require valid-user" >> .htaccess + htpasswd .htpasswd upload + diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..b8022ac --- /dev/null +++ b/composer.json @@ -0,0 +1,5 @@ +{ + "require": { + "siriusphp/upload": "^2.1" + } +} diff --git a/index.php b/index.php new file mode 100644 index 0000000..4353ede --- /dev/null +++ b/index.php @@ -0,0 +1,86 @@ + + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +require __DIR__ . '/vendor/autoload.php'; + +use Sirius\Upload\Handler as UploadHandler; + +// Path relative to the script dir. +const INCOMING_DIR = 'incoming/'; + +const MAX_FILE_SIZE = '1G'; + +const ALLOWED_EXTENSIONS = [ + 'avi', + 'bz2', + 'gz', + 'htm', + 'html', + 'jpg', + 'mp3', + 'mpg', + 'php', + 'png', + 'rar', + 'txt', + 'zip', +]; + +if (isset($_POST['task']) && $_POST['task'] == "upload") { + $uploadHandler = new UploadHandler(INCOMING_DIR); + + $uploadHandler->addRule('extension', ['allowed' => ALLOWED_EXTENSIONS], '{label} invalid file type', 'File'); + $uploadHandler->addRule('size', ['max' => MAX_FILE_SIZE], '{label} should be less than {max}', 'File'); + + $result = $uploadHandler->process($_FILES); + if ($result->isValid()) { + try { + $result->confirm(); + } + catch (\Exception $e) { + $result->clear(); + throw $e; + } + } + else { + echo "
{$result->getMessages()}
"; + } +} + +$iframe_parent_request_url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . INCOMING_DIR; + +// Avoid iframe recursion. +if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == $iframe_parent_request_url) { + echo "Iframe recursion detected, use the BACK button in the browser"; + return; +} +?> + +

Upload

+
+ + + +
+ + -- 2.1.4