From f6db4af4fcbb642dc1ea834440d9c96a66d5ef50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois?= <francois@kaz.bzh>
Date: Sat, 28 Jan 2023 08:29:40 +0100
Subject: [PATCH] upgrade Jirafeau 4.5

---
 src/Jirafeau/f.php |  35 +++++++------
 src/Jirafeau/t.php | 121 ---------------------------------------------
 2 files changed, 20 insertions(+), 136 deletions(-)
 delete mode 100644 src/Jirafeau/t.php

diff --git a/src/Jirafeau/f.php b/src/Jirafeau/f.php
index 8e9ec5e..a2d6f0d 100644
--- a/src/Jirafeau/f.php
+++ b/src/Jirafeau/f.php
@@ -89,6 +89,8 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
                                        '</p></div>';
     } else { ?>
         <div>
+            <form action="<?php echo 'f.php?h=' . $link_name . '&amp;d=' . $delete_code; ?>" method="post" id="submit_delete_post" class="form login">
+            <input type="hidden" name="do_delete" value="1" />
             <form action="f.php" method="post" id="submit_delete_post" class="form login">
             <input type="hidden" name="do_delete" value=1/>
             <fieldset>
@@ -97,17 +99,15 @@ if (!empty($delete_code) && $delete_code == $link['link_code']) {
             <tr><td>
 <?php echo t('GONNA_DEL') . ' "' . jirafeau_escape($link['file_name']) . '" (' . jirafeau_human_size($link['file_size']) . ').' ?>
             </td></tr>
-                  <tr><td>
+            <tr><td>
 <?php echo t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' ?>
-                  </td></tr>
-                        <tr><td>
-                        <input type="submit" id="submit_delete"  value="<?php echo t('DELETE'); ?>"
-                        <?php $action_delete="'f.php?h=' . $link_name . '&amp;d=' . $delete_code'; document.getElementById('submit_delete').submit ();"; ?>
-                        onclick="document.getElementById('submit_delete_post').action='<?php echo $action_delete; ?>" />
-                               </td></tr>
-                               </table>
-                               </fieldset></form></div><?php
-                               }
+            </td></tr>
+            <tr><td>
+                <input type="submit" id="submit_delete"  value="<?php echo t('DELETE'); ?>"
+            </td></tr>
+            </table>
+            </fieldset></form></div><?php
+    }
     require(JIRAFEAU_ROOT.'lib/template/footer.php');
     exit;
 }
@@ -145,7 +145,7 @@ if (!empty($link['key'])) {
                                      '<legend>' . t('PSW_PROTEC') .
                                      '</legend><table><tr><td>' .
                                      t('GIMME_PSW') . ' : ' .
-                                     '<input type = "password" name = "key" />' .
+                                     '<input type = "password" name = "key" autocomplete = "current-password"/>' .
                                      '</td></tr>' .
                                      '<tr><td>' .
                                      t('USING_SERVICE'). ' <a href="tos.php" target="_blank" rel="noopener noreferrer">' . t('TOS') . '</a>.' .
@@ -276,11 +276,16 @@ elseif ($link['crypted']) {
 }
 /* Read file. */
 else {
-    $r = fopen(VAR_FILES . $p . $link['hash'], 'r');
-    while (!feof($r)) {
-        print fread($r, 1024);
+    if ($cfg['use_xsendfile']) {
+        $file_web_path = preg_replace('#^' . $_SERVER['DOCUMENT_ROOT'] . '#', '', VAR_FILES);
+        header('X-Sendfile: ' . $file_web_path . $p . $link['hash']);
+    } else {
+        $r = fopen(VAR_FILES . $p . $link['hash'], 'r');
+        while (!feof($r)) {
+            print fread($r, 1024);
+        }
+        fclose($r);
     }
-    fclose($r);
 }
 
 if ($link['onetime'] == 'O') {
diff --git a/src/Jirafeau/t.php b/src/Jirafeau/t.php
deleted file mode 100644
index 138d4e3..0000000
--- a/src/Jirafeau/t.php
+++ /dev/null
@@ -1,121 +0,0 @@
-<?php
-define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
-
-require (JIRAFEAU_ROOT . 'lib/settings.php');
-require (JIRAFEAU_ROOT . 'lib/functions.php');
-require (JIRAFEAU_ROOT . 'lib/lang.php');
-
-@set_time_limit (0);
-/* Remove errors. */
-@error_reporting (0);
-
-if (isset ($_REQUEST ['l']) && !empty ($_REQUEST ['l']))
-    $linksPass = explode ("/", $_REQUEST ["l"]);
-else if (isset ($_REQUEST ['h']) && !empty ($_REQUEST ['h']))
-    $linksPass = $_REQUEST ["h"];
-else
-    die ("no links");
-
-if (!is_array ($linksPass))
-    die ("no list is given: ".$h);
-
-$notFoundCount=0;
-$map = [];
-// First pass: check
-foreach ($linksPass as $line) {
-	if (strpos ($line, '~') !== false)
-        $couple = explode ("~", $line, 2);
-    else
-        $couple = explode ("/", $line, 2);
-    if (count ($couple) == 0)
-        continue;
-    $link_name = $couple [0];
-    if (!$link_name)
-        continue;
-    $crypt_key = count ($couple) == 2 ? $couple [1] : "";
-    if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name))
-        die ("bad link format : ".$link_name);
-    $link = jirafeau_get_link ($link_name);
-    if (count ($link) == 0) {
-        ++$notFoundCount;
-        continue;
-    }
-    $key = $link['key'];
-    if ($key) {
-        preg_match ( '/[0-9a-zA-Z_-]+/', $link['key'], $matches);
-        $key = $matches[1];
-    }
-    if ($key && (empty ($crypt_key) || $key != $crypt_key))
-        die ("bad key for ".$link);
-    $map [$link_name] = $crypt_key;
-}
-
-// second pass: send
-if (isset ($_REQUEST ['n']) && !empty ($_REQUEST ['n']))
-    $dirname=$_REQUEST ['n'];
-else
-    $dirname="kaz-".date ("Ymd-His");
-$tmpFileName = tempnam (sys_get_temp_dir (), $dirname."-");
-$zip = new ZipArchive;
-if (!$zip)
-    die ("can't create tmp");
-if ($zip->open ($tmpFileName.".zip", ZipArchive::CREATE) !== TRUE)
-    die ("can't create tmp");
-
-if ($notFoundCount) {
-    $zip->addFromString ($dirname."-Avertissement.txt", $notFoundCount. ($notFoundCount ? " fichier est expiré." : " fichiers sont expirés."));
-}
-$single_name=[];
-foreach ($map as $link_name => $crypt_key) {
-    $link = jirafeau_get_link ($link_name);
-    $p = s2p ($link ['hash']);
-
-    $src_name = $dst_name = $link['file_name'];
-    if (in_array ($src_name, $single_name))
-        for ($i = 0; $i < 10000; ++$i) {
-            $dst_name = sprintf ("%s-%2d", $src_name, $i);
-            if (!in_array ($dst_name, $single_name))
-                break;
-        }
-    $single_name[]=$dst_name;
-
-    // send
-    if ($link['crypted']) {
-        $m = mcrypt_module_open ('rijndael-256', '', 'ofb', '');
-        $md5_key = md5 ($crypt_key);
-        $iv = jirafeau_crypt_create_iv ($md5_key, mcrypt_enc_get_iv_size ($m));
-        mcrypt_generic_init ($m, $md5_key, $iv);
-        $r = fopen (VAR_FILES . $p . $link['hash'], 'r');
-        $content = "";
-        while (!feof ($r)) {
-            $dec = mdecrypt_generic ($m, fread ($r, 1024));
-            $content .= $dec;
-            ob_flush ();
-        }
-        fclose ($r);
-        $zip->addFromString ($dirname."/".$dst_name, $content);
-
-        mcrypt_generic_deinit ($m);
-        mcrypt_module_close ($m);
-        continue;
-    }
-    $zip->addFile (VAR_FILES . $p . $link['hash'], $dirname."/".$dst_name);
-}
-$zip->close ();
-
-    
-if (!is_file ($tmpFileName.".zip"))
-    die ("can't retreive tmp");
-
-header ("HTTP/1.0 200 OK");
-header ("Content-Type: application/zip");
-header ('Content-Disposition: filename="'.$dirname.'.zip"');
-$r = fopen($tmpFileName.".zip", 'r');
-while (!feof ($r)) {
-    print fread ($r, 1024);
-    ob_flush ();
-}
-fclose ($r);
-
-unlink ($tmpFileName.".zip");
-unlink ($tmpFileName);