mirror_php/Jirafeau
1
0
Fork 0
mirror of https://gitlab.com/mojo42/Jirafeau.git synced 2025-01-18 05:18:38 +01:00
Code Issues Projects Releases Wiki Activity
Jirafeau/f.php

285 lines
9.4 KiB
PHP
Raw Normal View History

Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
<?php
/*
* Jirafeau, your web file repository
* Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
adapt license year to 2015
2015-03-10 10:18:48 +01:00
* Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
code reformating
2012-12-07 20:41:43 +00:00
define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
Fix php 5.3 support and prepare languages
2012-12-22 12:46:58 +01:00
require (JIRAFEAU_ROOT . 'lib/lang.php');
Fix config parameter and rename config.php
2013-07-29 21:52:52 +00:00
require (JIRAFEAU_ROOT . 'lib/config.original.php');
Fix php 5.3 support and prepare languages
2012-12-22 12:46:58 +01:00
require (JIRAFEAU_ROOT . 'lib/settings.php');
require (JIRAFEAU_ROOT . 'lib/functions.php');
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
New option to show a page at download time
2013-01-02 23:03:32 +01:00
if (!isset ($_GET['h']) || empty ($_GET['h']))
code reformating
2012-12-07 20:41:43 +00:00
{
New option to show a page at download time
2013-01-02 23:03:32 +01:00
header ('Location: ' . $cfg['web_root']);
exit;
}
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
Fix some bugs due to PHP's max_execution_time
2013-02-14 13:44:32 +00:00
/* Operations may take a long time.
* Be sure PHP's safe mode is off.
*/
Remove errors when occurs
2013-08-01 19:29:56 +00:00
@set_time_limit(0);
/* Remove errors. */
@error_reporting(0);
Fix some bugs due to PHP's max_execution_time
2013-02-14 13:44:32 +00:00
New option to show a page at download time
2013-01-02 23:03:32 +01:00
$link_name = $_GET['h'];
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
Minimize URL length
2013-07-26 15:45:54 +00:00
if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name))
New option to show a page at download time
2013-01-02 23:03:32 +01:00
{
require (JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>' . t('Sorry, the requested file is not found') . '</p></div>';
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
add delete link added to each upload
2012-12-05 18:48:00 +00:00
New option to show a page at download time
2013-01-02 23:03:32 +01:00
$link = jirafeau_get_link ($link_name);
if (count ($link) == 0)
{
require (JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>' . t('Sorry, the requested file is not found') .
'</p></div>';
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
New option to show a page at download time
2013-01-02 23:03:32 +01:00
$delete_code = '';
cleanest distinction bewteen 'delete' and 'download' Also fix typo
2015-03-15 10:32:47 +01:00
if (isset ($_GET['d']) && !empty ($_GET['d']) && $_GET['d'] != '1')
New option to show a page at download time
2013-01-02 23:03:32 +01:00
$delete_code = $_GET['d'];
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
$crypt_key = '';
if (isset ($_GET['k']) && !empty ($_GET['k']))
$crypt_key = $_GET['k'];
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
$do_download = false;
cleanest distinction bewteen 'delete' and 'download' Also fix typo
2015-03-15 10:32:47 +01:00
if (isset ($_GET['d']) && $_GET['d'] == '1')
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
$do_download = true;
New option to show a page at download time
2013-01-02 23:03:32 +01:00
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
$do_preview = false;
if (isset ($_GET['p']) && !empty ($_GET['p']))
$do_preview = true;
New option to show a page at download time
2013-01-02 23:03:32 +01:00
$p = s2p ($link['md5']);
if (!file_exists (VAR_FILES . $p . $link['md5']))
{
jirafeau_delete_link ($link_name);
require (JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>'.t('File not available.').
'</p></div>';
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
if (!empty ($delete_code) && $delete_code == $link['link_code'])
{
jirafeau_delete_link ($link_name);
require (JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="message"><p>'.t('File has been deleted.').
'</p></div>';
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
code reformating
2012-12-07 20:41:43 +00:00
New option to show a page at download time
2013-01-02 23:03:32 +01:00
if ($link['time'] != JIRAFEAU_INFINITY && time () > $link['time'])
{
jirafeau_delete_link ($link_name);
require (JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>'.
t('The time limit of this file has expired.') . ' ' .
t('File has been deleted.') .
'</p></div>';
require (JIRAFEAU_ROOT . 'lib/template/footer.php');
exit;
}
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
if (empty ($crypt_key) && $link['crypted'])
{
require (JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>' . t('Sorry, the requested file is not found') .
'</p></div>';
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
New option to show a page at download time
2013-01-02 23:03:32 +01:00
$password_challenged = false;
if (!empty ($link['key']))
{
if (!isset ($_POST['key']))
Added admin interface
2012-12-31 01:22:14 +01:00
{
require (JIRAFEAU_ROOT.'lib/template/header.php');
use scripting interface to send files
2013-01-31 23:14:14 +01:00
echo '<div>' .
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
'<form action = "';
Rename file.php to f.php to minimize url size Note: always better with url rewriting
2013-07-29 20:03:39 +00:00
echo $cfg['web_root'] . '/f.php';
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
echo '" ' .
f.php: replace 'submit' id to not be confused
2015-03-23 13:48:42 +01:00
'method = "post" id = "submit_post">'; ?>
New option to show a page at download time
2013-01-02 23:03:32 +01:00
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
echo '<fieldset>' .
'<legend>' . t('Password protection') .
'</legend><table><tr><td>' .
t('Give the password of this file') . ' : ' .
'<input type = "password" name = "key" />' .
better form for download page and fix missing translation
2013-01-03 01:08:54 +01:00
'</td></tr>' .
'<tr><td>' .
typo : accept of our / accept our
2015-03-22 23:20:37 +01:00
t('By using our services, you accept our'). ' <a href="' . $cfg['web_root'] . '/tos.php' . '">' . t('Term Of Service') . '</a>' .
add warning when the file will be downloadable one time only fixes #27
2015-04-06 17:13:33 +02:00
'</td></tr>';
if ($link['onetime'] == 'O')
{
echo '<tr><td id="self_destruct">' .
t('Warning, this file will self-destruct after being read') .
'</td></tr>';
}
?><tr><td><input type="submit" id = "submit_download" value="<?php echo t('Download'); ?>"
onclick="document.getElementById('submit_post').action='
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
<?php
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
echo $cfg['web_root'] . '/f.php?h=' . $link_name . '&amp;d=1';
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
if (!empty($crypt_key))
echo '&amp;k=' . urlencode($crypt_key);
?>';
document.getElementById('submit_download').submit ();"/><?php
remove option which shows download page This commit make Jirafeau to always have the download page link available. This option is maybe not really usefull anymore as the user already have a download link and a preview link after the upload.
2015-04-07 13:36:45 +02:00
if ($cfg['preview'] && jirafeau_is_viewable($link['mime_type']))
code reformating
2012-12-07 20:41:43 +00:00
{
New option to show a page at download time
2013-01-02 23:03:32 +01:00
?><input type="submit" id = "submit_preview" value="<?php echo t('Preview'); ?>"
f.php: replace 'submit' id to not be confused
2015-03-23 13:48:42 +01:00
onclick="document.getElementById('submit_post').action='
Fixes #17 Add links for preview and direct download after uploading - Also fixe previewable files types - Fixe problem with download page and previewable files - Only show preview link if the content is previewable - Don't propose preview and direct download links when a password is set
2015-03-10 23:49:25 +01:00
<?php
echo $cfg['web_root'] . '/f.php?h=' . $link_name . '&amp;p=1';
if (!empty($crypt_key))
echo '&amp;k=' . urlencode($crypt_key);
?>';
document.getElementById('submit_preview').submit ();"/><?php
code reformating
2012-12-07 20:41:43 +00:00
}
New option to show a page at download time
2013-01-02 23:03:32 +01:00
echo '</td></tr></table></fieldset></form></div>';
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
else
{
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
if ($link['key'] == md5 ($_POST['key']))
$password_challenged = true;
else
code reformating
2012-12-07 20:41:43 +00:00
{
require (JIRAFEAU_ROOT.'lib/template/header.php');
refactorised translation function
2012-12-31 15:48:30 +01:00
echo '<div class="error"><p>' . t('Access denied') .
Added admin interface
2012-12-31 01:22:14 +01:00
'</p></div>';
code reformating
2012-12-07 20:41:43 +00:00
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
}
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
}
New option to show a page at download time
2013-01-02 23:03:32 +01:00
}
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
remove option which shows download page This commit make Jirafeau to always have the download page link available. This option is maybe not really usefull anymore as the user already have a download link and a preview link after the upload.
2015-04-07 13:36:45 +02:00
if (!$password_challenged && !$do_download && !$do_preview)
New option to show a page at download time
2013-01-02 23:03:32 +01:00
{
require (JIRAFEAU_ROOT.'lib/template/header.php');
use scripting interface to send files
2013-01-31 23:14:14 +01:00
echo '<div>' .
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
'<form action = "';
Rename file.php to f.php to minimize url size Note: always better with url rewriting
2013-07-29 20:03:39 +00:00
echo $cfg['web_root'] . '/f.php';
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
echo '" ' .
f.php: replace 'submit' id to not be confused
2015-03-23 13:48:42 +01:00
'method = "post" id = "submit_post">'; ?>
New option to show a page at download time
2013-01-02 23:03:32 +01:00
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
Escape filenames to not break HTML views fixes #39 Signed-off-by: Jerome Jutteau <mojo@couak.net>
2015-05-19 13:58:36 +02:00
echo '<fieldset><legend>' . htmlspecialchars($link['file_name']) . '</legend><table>' .
better form for download page and fix missing translation
2013-01-03 01:08:54 +01:00
'<tr><td>' .
Escape filenames to not break HTML views fixes #39 Signed-off-by: Jerome Jutteau <mojo@couak.net>
2015-05-19 13:58:36 +02:00
t('You are about to download') . ' "' . htmlspecialchars($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ')' .
better form for download page and fix missing translation
2013-01-03 01:08:54 +01:00
'</td></tr>' .
'<tr><td>' .
add warning when the file will be downloadable one time only fixes #27
2015-04-06 17:13:33 +02:00
t('By using our services, you accept our'). ' <a href="' . $cfg['web_root'] . '/tos.php' . '">' . t('Term Of Service') . '</a>' .
'</td></tr>';
if ($link['onetime'] == 'O')
{
echo '<tr><td id="self_destruct">' .
t('Warning, this file will self-destruct after being read') .
'</td></tr>';
}
?>
<tr><td><input type="submit" id = "submit_download" value="<?php echo t('Download'); ?>"
onclick="document.getElementById('submit_post').action='
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
<?php
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
echo $cfg['web_root'] . '/f.php?h=' . $link_name . '&amp;d=1';
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
if (!empty($crypt_key))
echo '&amp;k=' . urlencode($crypt_key);
?>';
f.php: fix js error in download page
2015-03-23 13:48:52 +01:00
document.getElementById('submit_post').submit ();"/><?php
Added admin interface
2012-12-31 01:22:14 +01:00
remove option which shows download page This commit make Jirafeau to always have the download page link available. This option is maybe not really usefull anymore as the user already have a download link and a preview link after the upload.
2015-04-07 13:36:45 +02:00
if ($cfg['preview'] && jirafeau_is_viewable($link['mime_type']))
New option to show a page at download time
2013-01-02 23:03:32 +01:00
{
?><input type="submit" id = "submit_preview" value="<?php echo t('Preview'); ?>"
f.php: replace 'submit' id to not be confused
2015-03-23 13:48:42 +01:00
onclick="document.getElementById('submit_post').action='
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
<?php
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
echo $cfg['web_root'] . '/f.php?h=' . $link_name . '&amp;p=1';
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
if (!empty($crypt_key))
echo '&amp;k=' . urlencode($crypt_key);
?>';
f.php: fix js error in download page
2015-03-23 13:48:52 +01:00
document.getElementById('submit_post').submit ();"/><?php
New option to show a page at download time
2013-01-02 23:03:32 +01:00
}
better form for download page and fix missing translation
2013-01-03 01:08:54 +01:00
echo '</td></tr>';
echo '</table></fieldset></form></div>';
New option to show a page at download time
2013-01-02 23:03:32 +01:00
require (JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
code reformating
2012-12-07 20:41:43 +00:00
}
New option to show a page at download time
2013-01-02 23:03:32 +01:00
Bypass size limit by splitting big files on client’s side using HTML5 file API
2013-02-10 01:37:43 +01:00
header ('HTTP/1.0 200 OK');
New option to show a page at download time
2013-01-02 23:03:32 +01:00
header ('Content-Length: ' . $link['file_size']);
refactor some url parameters when downloading
2015-03-10 21:25:21 +01:00
if (!jirafeau_is_viewable ($link['mime_type']) || !$cfg['preview'] || $do_download)
f.php fix bad file name when browser cannot preview file This permits to have the original file name when browser force user to download the file because he cannot preview it. closes #24
2015-03-23 13:48:49 +01:00
header ('Content-Disposition: attachment; filename="' . $link['file_name'] . '"');
else
header ('Content-Disposition: filename="' . $link['file_name'] . '"');
Fixes #3 Content type should always be put in headers
2015-02-22 23:56:45 +01:00
header ('Content-Type: ' . $link['mime_type']);
add Content-MD5 header when downloading a file Signed-off-by: Jerome Jutteau <mojo@couak.net>
2015-05-07 18:42:38 +02:00
header ('Content-MD5: ' . hex_to_base64($link['md5']));
Bypass size limit by splitting big files on client’s side using HTML5 file API
2013-02-10 01:37:43 +01:00
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
/* Read encrypted file. */
if ($link['crypted'])
{
/* Init module */
$m = mcrypt_module_open('rijndael-256', '', 'ofb', '');
Minimize URL length
2013-07-26 15:45:54 +00:00
/* Extract key and iv. */
$md5_key = md5 ($crypt_key);
$iv = jirafeau_crypt_create_iv ($md5_key, mcrypt_enc_get_iv_size($m));
/* Init module. */
mcrypt_generic_init ($m, $md5_key, $iv);
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
/* Decrypt file. */
$r = fopen (VAR_FILES . $p . $link['md5'], 'r');
while (!feof ($r))
{
$dec = mdecrypt_generic($m, fread ($r, 1024));
print $dec;
ob_flush();
}
fclose ($r);
/* Cleanup. */
mcrypt_generic_deinit($m);
mcrypt_module_close($m);
}
/* Read file. */
else
Bypass size limit by splitting big files on client’s side using HTML5 file API
2013-02-10 01:37:43 +01:00
{
Add encryption feature (disabled by default). Notes: - This feature requieres mcrypt module to be installed. - File dedupliation will stop working (as files are encrypted). - Server's ressource usage is heavier (encryption/decryption cost).
2013-07-24 14:46:39 +02:00
$r = fopen (VAR_FILES . $p . $link['md5'], 'r');
while (!feof ($r))
{
print fread ($r, 1024);
ob_flush();
}
fclose ($r);
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
}
New option to show a page at download time
2013-01-02 23:03:32 +01:00
if ($link['onetime'] == 'O')
jirafeau_delete_link ($link_name);
exit;
Security fix, bug fix and project name change. Security: we can now upload any type of file no matter how they are named. Bug fix: in Jyraphe 0.5 stable, we were not able to add several times the same file with a different link file.
2012-12-05 17:29:38 +00:00
?>
Reference in New Issue Copy Permalink