index.php 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. <?php
  2. /**
  3. * This program is free software: you can redistribute it and/or modify
  4. * it under the terms of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
  5. *
  6. * You should have received a copy of the
  7. * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
  8. * along with this program. If not, see http://www.sun.com/cddl/cddl.html
  9. *
  10. * 2019 - 2020 https://://www.bananas-playground.net/projekt/selfpaste
  11. */
  12. # global debug setting
  13. define('DEBUG',false);
  14. # Encoding and error reporting setting
  15. mb_http_output('UTF-8');
  16. mb_internal_encoding('UTF-8');
  17. ini_set('error_reporting',-1); // E_ALL & E_STRICT
  18. # default time setting
  19. date_default_timezone_set('Europe/Berlin');
  20. # check request
  21. $_urlToParse = filter_var($_SERVER['QUERY_STRING'],FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
  22. if(!empty($_urlToParse)) {
  23. if(preg_match('/[\p{C}\p{M}\p{Sc}\p{Sk}\p{So}\p{Zl}\p{Zp}]/u',$_urlToParse) === 1) {
  24. die('Malformed request. Make sure you know what you are doing.');
  25. }
  26. }
  27. define('ERROR_LOG_FILE','./logs/error.log');
  28. define('CREATE_LOG','./logs/create.log');
  29. # error reporting
  30. ini_set('log_errors',true);
  31. ini_set('error_log',ERROR_LOG_FILE);
  32. if(DEBUG === true) {
  33. ini_set('display_errors',true);
  34. }
  35. else {
  36. ini_set('display_errors',false);
  37. }
  38. # static helper class
  39. require_once 'lib/summoner.class.php';
  40. # config file
  41. require_once 'config.php';
  42. # upload / file handling
  43. require_once 'lib/mancubus.class.php';
  44. $_short = false;
  45. if(isset($_GET['s']) && !empty($_GET['s'])) {
  46. $_short = trim($_GET['s']);
  47. $_short = Summoner::validate($_short,'nospace') ? $_short : false;
  48. }
  49. $_create = false;
  50. if(isset($_POST['dl']) && !empty($_POST['dl'])
  51. && isset($_FILES['pasty']) && !empty($_FILES['pasty'])
  52. && isset(SELFPASTE_UPLOAD_SECRET[$_POST['dl']])) {
  53. $_create = true;
  54. }
  55. $contentType = 'Content-type: text/html; charset=UTF-8';
  56. $contentView = 'welcome';
  57. $httpResponseCode = 200;
  58. if(!empty($_short)) {
  59. $contentType = 'Content-type: text/plain; charset=UTF-8';
  60. $contentView = 'view';
  61. $httpResponseCode = 404;
  62. $contentBody = 'File not found.';
  63. $_t = Summoner::b64sl_unpack_id($_short);
  64. $_t = (string)$_t;
  65. $_p = Summoner::forwardslashStringToPath($_t);
  66. $_requestFile = Summoner::endsWith(SELFPASTE_UPLOAD_DIR,'/') ? SELFPASTE_UPLOAD_DIR : SELFPASTE_UPLOAD_DIR.'/';
  67. $_requestFile .= $_p;
  68. $_requestFile .= $_t;
  69. if(is_readable($_requestFile)) {
  70. $contentBody = $_requestFile;
  71. $httpResponseCode = 200;
  72. }
  73. }
  74. elseif ($_create === true) {
  75. $contentView = 'created';
  76. $contentType = 'Content-type:application/json;charset=utf-8';
  77. $httpResponseCode = 400;
  78. $_message = 'Something went wrong.';
  79. $_file = $_FILES['pasty'];
  80. $_fileObj = new Mancubus();
  81. if($_fileObj->load($_FILES['pasty']) === true) {
  82. $_fileObj->setSaveFilename();
  83. $_fileObj->setShort();
  84. $_fileObj->setStoragePath();
  85. $_fileObj->setShortURL();
  86. $_do = $_fileObj->process();
  87. $_message = $_do['message'];
  88. if($_do['status'] === true) {
  89. $httpResponseCode = 200;
  90. if(defined('LOG_CREATION') && LOG_CREATION === true) {
  91. error_log(date("c")." ".$_message." ".SELFPASTE_UPLOAD_SECRET[$_POST['dl']]."\n",3,CREATE_LOG);
  92. }
  93. }
  94. }
  95. $contentBody = array(
  96. 'message' => $_message,
  97. 'status' => $httpResponseCode
  98. );
  99. }
  100. header('X-PROVIDED-BY: selfpaste');
  101. header($contentType);
  102. http_response_code($httpResponseCode);
  103. if(file_exists('view/'.$contentView.'.inc.php')) {
  104. require_once 'view/'.$contentView.'.inc.php';
  105. }
  106. else {
  107. error_log('Content body file missing. '.var_export($_SERVER,true),3,ERROR_LOG_FILE);
  108. http_response_code(400);
  109. die('Well, something went wrong...');
  110. }