123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 |
- <?php
- /**
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
- *
- * You should have received a copy of the
- * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
- * along with this program. If not, see http://www.sun.com/cddl/cddl.html
- *
- * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
- */
- # global debug setting
- define('DEBUG',false);
- # Encoding and error reporting setting
- mb_http_output('UTF-8');
- mb_internal_encoding('UTF-8');
- ini_set('error_reporting',-1); // E_ALL & E_STRICT
- # default time setting
- date_default_timezone_set('Europe/Berlin');
- # check request
- $_urlToParse = filter_var($_SERVER['QUERY_STRING'],FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
- if(!empty($_urlToParse)) {
- if(preg_match('/[\p{C}\p{M}\p{Sc}\p{Sk}\p{So}\p{Zl}\p{Zp}]/u',$_urlToParse) === 1) {
- die('Malformed request. Make sure you know what you are doing.');
- }
- }
- define('ERROR_LOG_FILE','./logs/error.log');
- define('CREATE_LOG','./logs/create.log');
- # error reporting
- ini_set('log_errors',true);
- ini_set('error_log',ERROR_LOG_FILE);
- if(DEBUG === true) {
- ini_set('display_errors',true);
- }
- else {
- ini_set('display_errors',false);
- }
- # static helper class
- require_once 'lib/summoner.class.php';
- # config file
- require_once 'config.php';
- # upload / file handling
- require_once 'lib/mancubus.class.php';
- $_short = false;
- if(isset($_GET['s']) && !empty($_GET['s'])) {
- $_short = trim($_GET['s']);
- $_short = Summoner::validate($_short,'nospace') ? $_short : false;
- }
- $_create = false;
- if(isset($_POST['dl']) && !empty($_POST['dl'])
- && isset($_FILES['pasty']) && !empty($_FILES['pasty'])
- && isset(SELFPASTE_UPLOAD_SECRET[$_POST['dl']])) {
- $_create = true;
- }
- $contentType = 'Content-type: text/html; charset=UTF-8';
- $contentView = 'welcome';
- $httpResponseCode = 200;
- if(!empty($_short)) {
- $contentType = 'Content-type: text/plain; charset=UTF-8';
- $contentView = 'view';
- $httpResponseCode = 404;
- $contentBody = 'File not found.';
- $_t = Summoner::b64sl_unpack_id($_short);
- $_t = (string)$_t;
- $_p = Summoner::forwardslashStringToPath($_t);
- $_requestFile = Summoner::endsWith(SELFPASTE_UPLOAD_DIR,'/') ? SELFPASTE_UPLOAD_DIR : SELFPASTE_UPLOAD_DIR.'/';
- $_requestFile .= $_p;
- $_requestFile .= $_t;
- if(is_readable($_requestFile)) {
- $finfo = finfo_open(FILEINFO_MIME_TYPE);
- $mime = finfo_file($finfo, $_requestFile);
- finfo_close($finfo);
- if(strstr($mime,'image/')) {
- $contentType = "Content-type: $mime;";
- }
- $contentBody = $_requestFile;
- $httpResponseCode = 200;
- }
- }
- elseif ($_create === true) {
- $contentView = 'created';
- $contentType = 'Content-type:application/json;charset=utf-8';
- $httpResponseCode = 400;
- $_message = 'Something went wrong.';
- $_file = $_FILES['pasty'];
- $_fileObj = new Mancubus();
- if($_fileObj->load($_FILES['pasty']) === true) {
- $_fileObj->setSaveFilename();
- $_fileObj->setShort();
- $_fileObj->setStoragePath();
- $_fileObj->setShortURL();
- $_do = $_fileObj->process();
- $_message = $_do['message'];
- if($_do['status'] === true) {
- $httpResponseCode = 200;
- if(defined('LOG_CREATION') && LOG_CREATION === true) {
- error_log(date("c")." ".$_message." ".SELFPASTE_UPLOAD_SECRET[$_POST['dl']]."\n",3,CREATE_LOG);
- }
- }
- }
- $contentBody = array(
- 'message' => $_message,
- 'status' => $httpResponseCode
- );
- }
- header('X-PROVIDED-BY: selfpaste');
- header($contentType);
- http_response_code($httpResponseCode);
- if(file_exists('view/'.$contentView.'.inc.php')) {
- require_once 'view/'.$contentView.'.inc.php';
- }
- else {
- error_log('Content body file missing. '.var_export($_SERVER,true),3,ERROR_LOG_FILE);
- http_response_code(400);
- die('Well, something went wrong...');
- }
|