KAZ
/
depollueur
3
1
Fork 0
Code Issues Pull Requests Projects Releases Activity
Browse Source

fix f.php (4.3)

develop
François 2 years ago
parent
1698a2ecb8
commit
1d19e111c3
1 changed files with 52 additions and 66 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 118
      src/Jirafeau/f.php

118
src/Jirafeau/f.php
View File

@ -2,7 +2,7 @@
/*
* Jirafeau, your web file repository
* Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
* Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
* Copyright (C) 2015 Jerome Jutteau <jerome@jutteau.fr>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@ -32,10 +32,9 @@ if (!isset($_GET['h']) || empty($_GET['h'])) {
* Be sure PHP's safe mode is off.
*/
@set_time_limit(0);
/* Remove errors. */
@error_reporting(0);
$link_name = $_GET['h'];
if (!preg_match('/[0-9a-zA-Z_-]+$/', $link_name)) {
require(JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>' . t('FILE_404') . '</p></div>';
@ -57,11 +56,6 @@ if (isset($_GET['d']) && !empty($_GET['d']) && $_GET['d'] != '1') {
$delete_code = $_GET['d'];
}
$update_period = '';
if (isset($_GET['u']) && !empty($_GET['u'])) {
$update_period = $_GET['u'];
}
$crypt_key = '';
if (isset($_GET['k']) && !empty($_GET['k'])) {
$crypt_key = $_GET['k'];
@ -77,14 +71,8 @@ if (isset($_GET['p']) && !empty($_GET['p'])) {
$do_preview = true;
}
// XXX KAZ
$do_update = false;
if (isset($_GET['u']) && !empty($_GET['u'])) {
$do_update = true;
}
$p = s2p($link['md5']);
if (!file_exists(VAR_FILES . $p . $link['md5'])) {
$p = s2p($link['hash']);
if (!file_exists(VAR_FILES . $p . $link['hash'])) {
jirafeau_delete_link($link_name);
require(JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div class="error"><p>'.t('FILE_NOT_AVAIL').
@ -113,9 +101,8 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
<?php echo t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' ?>
</td></tr>
<tr><td>
<input type="submit" id="submit_delete" value="<?php echo t('DELETE'); ?>"
onclick="document.getElementById('submit_delete_post').action='<?php echo 'f.php?h=' . $link_name . '&amp;d=' . $delete_code . "';"; ?>
document.getElementById('submit_delete').submit ();"/> // '
<input type="submit" id="submit_delete" value="<?php echo t('DELETE'); ?>" <?php $action_delete="'f.php?h=' . $link_name . '&amp;d=' . $delete_code'; document.getElementById('submit_delete').submit ();"; ?>
onclick="document.getElementById('submit_delete_post').action='<?php echo $action_delete; ?>"/>
</td></tr>
</table>
</fieldset></form></div><?php
@ -124,17 +111,6 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
exit;
}
// XXX KAZ
if ($do_update) {
$time=jirafeau_update_link($link_name, $link, $update_period);
$content = '' . $time . NL;
header('HTTP/1.0 200 OK');
header('Content-Length: ' . strlen ($content));
header('Content-Type: text/plain');
echo $content;
exit;
}
if ($link['time'] != JIRAFEAU_INFINITY && time() > $link['time']) {
jirafeau_delete_link($link_name);
require(JIRAFEAU_ROOT.'lib/template/header.php');
@ -162,39 +138,38 @@ if (!empty($link['key'])) {
else {
require(JIRAFEAU_ROOT.'lib/template/header.php');
echo '<div>' .
'<form action="f.php" method="post" id="submit_post" class="form login">'; ?>
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
'<form action="f.php" method="post" id="submit_post" class="form login">'; ?>
<input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION ?>"/><?php
echo '<fieldset>' .
'<legend>' . t('PSW_PROTEC') .
'</legend><table><tr><td>' .
t('GIMME_PSW') . ' : ' .
'<input type = "password" name = "key" />' .
'</td></tr>' .
'<tr><td>' .
t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' .
'</td></tr>';
'<legend>' . t('PSW_PROTEC') .
'</legend><table><tr><td>' .
t('GIMME_PSW') . ' : ' .
'<input type = "password" name = "key" />' .
'</td></tr>' .
'<tr><td>' .
t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' .
'</td></tr>';
if ($link['onetime'] == 'O') {
echo '<tr><td id="self_destruct">' .
t('AUTO_DESTRUCT') .
'</td></tr>';
t('AUTO_DESTRUCT') .
'</td></tr>';
} ?><tr><td><input type="submit" id = "submit_download" value="<?php echo t('DL'); ?>"
onclick="document.getElementById('submit_post').action='<?php
echo 'f.php?h=' . $link_name . '&amp;d=1';
onclick="document.getElementById('submit_post').action='<?php
echo 'f.php?h=' . $link_name . '&amp;d=1';
if (!empty($crypt_key)) {
echo '&amp;k=' . urlencode($crypt_key);
} ?>';
document.getElementById('submit_download').submit ();"/><?php
if ($cfg['preview'] && jirafeau_is_viewable($link['mime_type'])) {
?><input type="submit" id = "submit_preview" value="<?php echo t('PREVIEW'); ?>"
onclick="document.getElementById('submit_post').action='<?php
echo 'f.php?h=' . $link_name . '&amp;p=1';
if (!empty($crypt_key)) {
echo '&amp;k=' . urlencode($crypt_key);
} ?>';
document.getElementById('submit_download').submit ();"/><?php
if ($cfg['preview'] && jirafeau_is_viewable($link['mime_type'])) {
?><input type="submit" id = "submit_preview" value="<?php echo t('PREVIEW'); ?>"
onclick="document.getElementById('submit_post').action='<?php
echo 'f.php?h=' . $link_name . '&amp;p=1';
if (!empty($crypt_key)) {
echo '&amp;k=' . urlencode($crypt_key);
} ?>';
document.getElementById('submit_preview').submit ();"/><?php
}
document.getElementById('submit_preview').submit ();"/><?php
}
echo '</td></tr></table></fieldset></form></div>';
require(JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
@ -247,7 +222,6 @@ if (!$password_challenged && !$do_download && !$do_preview) {
echo '&amp;k=' . urlencode($crypt_key);
} ?>';
document.getElementById('submit_post').submit ();"/><?php
}
echo '</td></tr>';
echo '</table></fieldset></form></div>';
@ -263,23 +237,36 @@ if (!jirafeau_is_viewable($link['mime_type']) || !$cfg['preview'] || $do_downloa
header('Content-Disposition: filename="' . $link['file_name'] . '"');
}
header('Content-Type: ' . $link['mime_type']);
header('Content-MD5: ' . hex_to_base64($link['md5']));
if ($cfg['file_hash'] == "md5") {
header('Content-MD5: ' . hex_to_base64($link['hash']));
}
if ($cfg['litespeed_workaround']) {
// Work around that LiteSpeed truncates large files.
// See https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:internal-redirect
if ($_GET['litespeed_workaround'] == 'phase2') {
$file_web_path = preg_replace('#^' . $_SERVER['DOCUMENT_ROOT'] . '#', '', VAR_FILES);
header('X-LiteSpeed-Location: ' . $file_web_path . $p . $link['hash']);
} else {
// Since Content-Type isn't forwarded by LiteSpeed, first
// redirect to the same URL but append the file name.
header('Location: ' . $_SERVER['PHP_SELF'] . '/' . $link['file_name'] . '?' .
$_SERVER['QUERY_STRING'] . '&litespeed_workaround=phase2');
}
}
/* Read encrypted file. */
if ($link['crypted']) {
elseif ($link['crypted']) {
/* Init module */
$m = mcrypt_module_open('rijndael-256', '', 'ofb', '');
/* Extract key and iv. */
$md5_key = md5($crypt_key);
$iv = jirafeau_crypt_create_iv($md5_key, mcrypt_enc_get_iv_size($m));
$hash_key = md5($crypt_key);
$iv = jirafeau_crypt_create_iv($hash_key, mcrypt_enc_get_iv_size($m));
/* Init module. */
mcrypt_generic_init($m, $md5_key, $iv);
mcrypt_generic_init($m, $hash_key, $iv);
/* Decrypt file. */
$r = fopen(VAR_FILES . $p . $link['md5'], 'r');
$r = fopen(VAR_FILES . $p . $link['hash'], 'r');
while (!feof($r)) {
$dec = mdecrypt_generic($m, fread($r, 1024));
print $dec;
ob_flush();
}
fclose($r);
/* Cleanup. */
@ -288,10 +275,9 @@ if ($link['crypted']) {
}
/* Read file. */
else {
$r = fopen(VAR_FILES . $p . $link['md5'], 'r');
$r = fopen(VAR_FILES . $p . $link['hash'], 'r');
while (!feof($r)) {
print fread($r, 1024);
ob_flush();
}
fclose($r);
}

Write Preview
Loading…
Cancel
Save