forked from friendica/friendica-addons
131 lines
3.1 KiB
PHP
131 lines
3.1 KiB
PHP
|
<?php
|
||
|
|
||
|
/*
|
||
|
|
||
|
Jappix - An open social platform
|
||
|
This is the Jappix Out of Band file send script
|
||
|
|
||
|
-------------------------------------------------
|
||
|
|
||
|
License: AGPL
|
||
|
Author: Vanaryon
|
||
|
Last revision: 14/01/12
|
||
|
|
||
|
*/
|
||
|
|
||
|
// PHP base
|
||
|
define('JAPPIX_BASE', '..');
|
||
|
|
||
|
// Get the needed files
|
||
|
require_once('./functions.php');
|
||
|
require_once('./read-main.php');
|
||
|
require_once('./read-hosts.php');
|
||
|
|
||
|
// Optimize the page rendering
|
||
|
hideErrors();
|
||
|
compressThis();
|
||
|
|
||
|
// Not allowed for a special node
|
||
|
if(isStatic())
|
||
|
exit;
|
||
|
|
||
|
// Action on an existing file
|
||
|
if(isset($_GET['id']) && !empty($_GET['id'])) {
|
||
|
$file_id = $_GET['id'];
|
||
|
$file_path = JAPPIX_BASE.'/store/send/'.$file_id;
|
||
|
|
||
|
// Get file name
|
||
|
if(isset($_GET['name']) && !empty($_GET['name']))
|
||
|
$file_name = $_GET['name'];
|
||
|
else
|
||
|
$file_name = $file_id;
|
||
|
|
||
|
// Hack?
|
||
|
if(!isSafe($file_id)) {
|
||
|
header('Status: 406 Not Acceptable', true, 406);
|
||
|
exit('HTTP/1.1 406 Not Acceptable');
|
||
|
}
|
||
|
|
||
|
// File does not exist
|
||
|
if(!file_exists($file_path)) {
|
||
|
header('Status: 404 Not Found', true, 404);
|
||
|
exit('HTTP/1.1 404 Not Found');
|
||
|
}
|
||
|
|
||
|
// Remove a file
|
||
|
if(isset($_GET['action']) && ($_GET['action'] == 'remove')) {
|
||
|
header('Status: 204 No Content', true, 204);
|
||
|
unlink($file_path);
|
||
|
}
|
||
|
|
||
|
// Receive a file
|
||
|
header("Content-disposition: attachment; filename=\"$file_name\"");
|
||
|
header("Content-Type: application/force-download");
|
||
|
header("Content-Length: ".filesize($file_path));
|
||
|
header("Pragma: no-cache");
|
||
|
header("Cache-Control: must-revalidate, post-check=0, pre-check=0, public");
|
||
|
header("Expires: 0");
|
||
|
readfile($file_path);
|
||
|
unlink($file_path);
|
||
|
}
|
||
|
|
||
|
// Send a file
|
||
|
else if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['id']) && !empty($_POST['id'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
|
||
|
header('Content-Type: text/xml; charset=utf-8');
|
||
|
|
||
|
// Get the file name
|
||
|
$tmp_filename = $_FILES['file']['tmp_name'];
|
||
|
$filename = $_FILES['file']['name'];
|
||
|
|
||
|
// Get the location
|
||
|
if(HOST_UPLOAD)
|
||
|
$location = HOST_UPLOAD;
|
||
|
else
|
||
|
$location = $_POST['location'];
|
||
|
|
||
|
// Get the file new name
|
||
|
$ext = getFileExt($filename);
|
||
|
$new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);
|
||
|
|
||
|
// Define some vars
|
||
|
$name = sha1(time().$filename);
|
||
|
$path = JAPPIX_BASE.'/store/send/'.$name.'.'.$ext;
|
||
|
|
||
|
// Forbidden file?
|
||
|
if(!isSafe($filename) || !isSafe($name.'.'.$ext)) {
|
||
|
exit(
|
||
|
'<jappix xmlns=\'jappix:file:send\'>
|
||
|
<error>forbidden-type</error>
|
||
|
<id>'.htmlspecialchars($_POST['id']).'</id>
|
||
|
</jappix>'
|
||
|
);
|
||
|
}
|
||
|
|
||
|
// File upload error?
|
||
|
if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
|
||
|
exit(
|
||
|
'<jappix xmlns=\'jappix:file:send\'>
|
||
|
<error>move-error</error>
|
||
|
<id>'.htmlspecialchars($_POST['id']).'</id>
|
||
|
</jappix>'
|
||
|
);
|
||
|
}
|
||
|
|
||
|
// Return the path to the file
|
||
|
exit(
|
||
|
'<jappix xmlns=\'jappix:file:send\'>
|
||
|
<url>'.htmlspecialchars($location.'php/send.php?id='.urlencode($name).'.'.urlencode($ext).'&name='.urlencode($filename)).'</url>
|
||
|
<desc>'.htmlspecialchars($new_name).'</desc>
|
||
|
<id>'.htmlspecialchars($_POST['id']).'</id>
|
||
|
</jappix>'
|
||
|
);
|
||
|
}
|
||
|
|
||
|
// Error?
|
||
|
else {
|
||
|
header('Status: 400 Bad Request', true, 400);
|
||
|
exit('HTTP/1.1 400 Bad Request');
|
||
|
}
|
||
|
|
||
|
?>
|