mirror of https://github.com/YunoHost-Apps/jappix_ynh.git synced 2024-09-03 19:26:19 +02:00
jappix_ynh/source/server/send.php
titoko@titoko.fr 979b376609 update 1.0.1
2014-03-12 14:52:47 +01:00


<?php
/*
Jappix - An open social platform
This is the Jappix Out of Band file send script
-------------------------------------------------
License: AGPL
Author: Valérian Saliou
*/
// Base path constant; the file-transfer code below builds its storage paths from it
define('JAPPIX_BASE', '..');

// Pull in the scripts this file depends on (order kept as in the original)
require_once './functions.php';
require_once './read-main.php';
require_once './read-hosts.php';

// Application preparation calls, defined in the included scripts
enableErrorSink();
hideErrors();
compressThis();

// Stop here when isStatic() reports true: this script is not offered on such a node
if (isStatic())
    exit;
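// Out-of-band file transfer endpoint. Three request shapes are handled:
//   GET  ?id=...[&name=...]      -> stream the stored file once, then delete it
//   GET  ?id=...&action=remove   -> delete the stored file
//   POST file + id + location    -> store the upload and answer with its download URL
// NOTE(review): no authentication or ownership check is visible in this script, so
// the stored-file id acts as the only access token for both download and removal.
// Confirm whether the included scripts enforce anything further.

// Accept scalar string parameters only: array-style input (?id[]=x, file[]) would
// otherwise reach string concatenation, header() and htmlspecialchars() as a non-string.
$is_download = isset($_GET['id']) && is_string($_GET['id']) && !empty($_GET['id']);

$is_upload = isset($_FILES['file']['tmp_name'], $_FILES['file']['name'])
	&& is_string($_FILES['file']['tmp_name'])
	&& is_string($_FILES['file']['name'])
	&& isset($_POST['id'], $_POST['location'])
	&& is_string($_POST['id'])
	&& is_string($_POST['location'])
	&& !empty($_POST['id'])
	&& !empty($_POST['location']);

// Action on an existing file
if($is_download) {
	$file_id = $_GET['id'];

	// Validate the id before it is used to build a filesystem path.
	// NOTE(review): isSafe() lives in an included file; presumably it rejects path
	// traversal sequences, confirm against its definition.
	if(!isSafe($file_id)) {
		header('Status: 406 Not Acceptable', true, 406);
		exit('HTTP/1.1 406 Not Acceptable');
	}

	$file_path = JAPPIX_BASE.'/tmp/send/'.$file_id;

	// is_file() instead of file_exists(): a directory must never be streamed or unlinked
	if(!is_file($file_path)) {
		header('Status: 404 Not Found', true, 404);
		exit('HTTP/1.1 404 Not Found');
	}

	// Remove a file
	// NOTE(review): this is a state-changing action reachable through a plain GET, and
	// any requester presenting a valid id can trigger it.
	if(isset($_GET['action']) && ($_GET['action'] === 'remove')) {
		header('Status: 204 No Content', true, 204);
		unlink($file_path);
		exit('File Removed.');
	}

	// Download name: the requester-supplied one when present, the stored id otherwise
	if(isset($_GET['name']) && is_string($_GET['name']) && !empty($_GET['name']))
		$file_name = $_GET['name'];
	else
		$file_name = $file_id;

	// The name is requester-controlled and lands inside a quoted header parameter:
	// neutralise control bytes, quotes, backslashes and slashes so it cannot close the
	// quoted string, add parameters, or carry a path.
	$file_name = preg_replace('/[\x00-\x1F\x7F"\\\\\/]/', '_', $file_name);

	// Receive a file
	header('Content-disposition: attachment; filename="'.$file_name.'"');
	header('Content-Type: application/force-download');
	// Uploaded content is untrusted: tell browsers not to sniff it into a renderable type
	header('X-Content-Type-Options: nosniff');
	header('Content-Length: '.filesize($file_path));
	header('Pragma: no-cache');
	header('Cache-Control: must-revalidate, post-check=0, pre-check=0, public');
	header('Expires: 0');

	// One-shot transfer: the file is deleted as soon as it has been sent
	readfile($file_path);
	unlink($file_path);
}

// Send a file
else if($is_upload) {
	header('Content-Type: text/xml; charset=utf-8');

	// Upload temporary path and the client-declared file name
	$tmp_filename = $_FILES['file']['tmp_name'];
	$filename = $_FILES['file']['name'];

	// Request id echoed back in every reply, escaped for XML element content
	$reply_id = htmlspecialchars($_POST['id']);

	// Base URL of the reply: the configured upload host when set, else the client's value
	// NOTE(review): the client-supplied location is only escaped, not validated as a URL;
	// it is returned to the uploader, who presumably forwards it to the recipient.
	if(HOST_UPLOAD)
		$location = HOST_UPLOAD.'/';
	else
		$location = $_POST['location'];

	// Extension and display name (file name without its last extension)
	$ext = getFileExt($filename);
	$new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);

	// Stored-file id. time() plus the file name alone is guessable, and the id is what
	// gates download and removal, so unpredictable bytes are mixed in when available.
	if(function_exists('random_bytes'))
		$entropy = bin2hex(random_bytes(16));
	else
		$entropy = uniqid(mt_rand(), true);

	$name = sha1($entropy.time().$filename);
	$path = JAPPIX_BASE.'/tmp/send/'.$name.'.'.$ext;

	// Forbidden file? Both the declared name and the stored name are checked before
	// anything is written to disk.
	if(!isSafeAllowed($filename) || !isSafeAllowed($name.'.'.$ext)) {
		exit(
			"<jappix xmlns='jappix:file:send'>\n".
			"<error>forbidden-type</error>\n".
			'<id>'.$reply_id."</id>\n".
			'</jappix>'
		);
	}

	// File upload error? Only a genuine HTTP upload may be moved into the storage folder
	if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
		exit(
			"<jappix xmlns='jappix:file:send'>\n".
			"<error>move-error</error>\n".
			'<id>'.$reply_id."</id>\n".
			'</jappix>'
		);
	}

	// Return the path to the file
	$download_url = $location.'server/send.php?id='.urlencode($name).'.'.urlencode($ext).'&name='.urlencode($filename);

	exit(
		"<jappix xmlns='jappix:file:send'>\n".
		'<url>'.htmlspecialchars($download_url)."</url>\n".
		'<desc>'.htmlspecialchars($new_name)."</desc>\n".
		'<id>'.$reply_id."</id>\n".
		'</jappix>'
	);
}

// Error? Neither a download/removal nor a complete upload request
else {
	header('Status: 400 Bad Request', true, 400);
	exit('HTTP/1.1 400 Bad Request');
}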
?>