]> git.p6c8.net - jirafeau.git/blob - script.php
admin.php: fix authentication bypass vulnerability
[jirafeau.git] / script.php
1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2015 Jerome Jutteau <j.jutteau@gmail.com>
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
15 *
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20 /*
21 * This file permits to easyly script file sending, receiving, deleting, ...
22 * If you don't want this feature, you can simply delete this file from your
23 * web directory.
24 */
25
26 define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
27
28 require (JIRAFEAU_ROOT . 'lib/config.original.php');
29 require (JIRAFEAU_ROOT . 'lib/settings.php');
30 require (JIRAFEAU_ROOT . 'lib/functions.php');
31 require (JIRAFEAU_ROOT . 'lib/lang.php');
32
33 global $script_langages;
34 $script_langages = array ('bash' => 'Bash');
35
36 /* Operations may take a long time.
37 * Be sure PHP's safe mode is off.
38 */
39 @set_time_limit(0);
40 /* Remove errors. */
41 @error_reporting(0);
42
43 if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0)
44 {
45 require (JIRAFEAU_ROOT . 'lib/template/header.php');
46 check_errors ($cfg);
47 if (has_error ())
48 {
49 show_errors ();
50 require (JIRAFEAU_ROOT . 'lib/template/footer.php');
51 exit;
52 }
53 ?>
54 <div class="info">
55 <h2>Scripting interface</h2>
56 <p>This interface permits to script your uploads and downloads.</p>
57 <p>See <a href="https://gitlab.com/mojo42/Jirafeau/blob/master/script.php">source code</a> of this interface to get available calls :)</p>
58 <p>Alternatively, go to <a href="<?php echo $cfg['web_root'] . 'script.php?lang=bash'; ?>">this page</a> to download a bash script.</p>
59 </div>
60 <br />
61 <?php
62 require (JIRAFEAU_ROOT . 'lib/template/footer.php');
63 exit;
64 }
65
66 /* Lets use interface now. */
67 header('Content-Type: text; charset=utf-8');
68
69 check_errors ($cfg);
70 if (has_error ())
71 {
72 echo 'Error 1';
73 exit;
74 }
75
76 /* Upload file */
77 if (isset ($_FILES['file']) && is_writable (VAR_FILES)
78 && is_writable (VAR_LINKS))
79 {
80 if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
81 {
82 echo 'Error 2';
83 exit;
84 }
85
86 if (jirafeau_has_upload_password ($cfg) &&
87 (!isset ($_POST['upload_password']) ||
88 !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
89 {
90 echo 'Error 3';
91 exit;
92 }
93
94 $key = '';
95 if (isset ($_POST['key']))
96 $key = $_POST['key'];
97
98 $time = time ();
99 if (!isset ($_POST['time']) || !$cfg['availabilities'][$_POST['time']])
100 {
101 echo 'Error 4: The parameter time is invalid.';
102 exit;
103 }
104 else
105 switch ($_POST['time'])
106 {
107 case 'minute':
108 $time += JIRAFEAU_MINUTE;
109 break;
110 case 'hour':
111 $time += JIRAFEAU_HOUR;
112 break;
113 case 'day':
114 $time += JIRAFEAU_DAY;
115 break;
116 case 'week':
117 $time += JIRAFEAU_WEEK;
118 break;
119 case 'month':
120 $time += JIRAFEAU_MONTH;
121 break;
122 case 'year':
123 $time += JIRAFEAU_YEAR;
124 break;
125 default:
126 $time = JIRAFEAU_INFINITY;
127 break;
128 }
129
130 // Check file size
131 if ($cfg['maximal_upload_size'] > 0 &&
132 $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024)
133 {
134 echo 'Error 5: Your file exceeds the maximum authorized file size.';
135 exit;
136 }
137
138 $res = jirafeau_upload ($_FILES['file'],
139 isset ($_POST['one_time_download']),
140 $key, $time, get_ip_address($cfg),
141 $cfg['enable_crypt'], $cfg['link_name_length']);
142
143 if (empty($res) || $res['error']['has_error'])
144 {
145 echo 'Error 6 ' . $res['error']['why'];
146 exit;
147 }
148 /* Print direct link. */
149 echo $res['link'];
150 /* Print delete link. */
151 echo NL;
152 echo $res['delete_link'];
153 /* Print decrypt key. */
154 echo NL;
155 echo urlencode($res['crypt_key']);
156 }
157 elseif (isset ($_GET['h']))
158 {
159 $link_name = $_GET['h'];
160 $key = '';
161 if (isset ($_POST['key']))
162 $key = $_POST['key'];
163 $d = '';
164 if (isset ($_GET['d']))
165 $d = $_GET['d'];
166
167 if (!preg_match ('/[0-9a-zA-Z_-]+$/', $link_name))
168 {
169 echo 'Error 7';
170 exit;
171 }
172
173 $link = jirafeau_get_link ($link_name);
174 if (count ($link) == 0)
175 {
176 echo 'Error 8';
177 exit;
178 }
179 if (strlen ($d) > 0 && $d == $link['link_code'])
180 {
181 jirafeau_delete_link ($link_name);
182 echo "Ok";
183 exit;
184 }
185 if ($link['time'] != JIRAFEAU_INFINITY && time () > $link['time'])
186 {
187 jirafeau_delete_link ($link_name);
188 echo 'Error 9';
189 exit;
190 }
191 if (strlen ($link['key']) > 0 && md5 ($key) != $link['key'])
192 {
193 sleep (2);
194 echo 'Error 10';
195 exit;
196 }
197 $p = s2p ($link['md5']);
198 if (!file_exists (VAR_FILES . $p . $link['md5']))
199 {
200 echo 'Error 11';
201 exit;
202 }
203
204 /* Read file. */
205 header ('Content-Length: ' . $link['file_size']);
206 header ('Content-Type: ' . $link['mime_type']);
207 header ('Content-Disposition: attachment; filename="' .
208 $link['file_name'] . '"');
209
210 $r = fopen (VAR_FILES . $p . $link['md5'], 'r');
211 while (!feof ($r))
212 {
213 print fread ($r, 1024);
214 ob_flush();
215 }
216 fclose ($r);
217
218 if ($link['onetime'] == 'O')
219 jirafeau_delete_link ($link_name);
220 exit;
221 }
222 elseif (isset ($_GET['get_capacity']))
223 {
224 echo min (jirafeau_ini_to_bytes (ini_get ('post_max_size')),
225 jirafeau_ini_to_bytes (ini_get ('upload_max_filesize')));
226 }
227 elseif (isset ($_GET['get_maximal_upload_size']))
228 {
229 echo $cfg['maximal_upload_size'];
230 }
231 elseif (isset ($_GET['get_version']))
232 {
233 echo JIRAFEAU_VERSION;
234 }
235 elseif (isset ($_GET['lang']))
236 {
237 $l=$_GET['lang'];
238 if ($l == "bash")
239 {
240 ?>
241 #!/bin/bash
242
243 # This script has been auto-generated by Jirafeau but you can still edit
244 # options below.
245
246 # Config
247 proxy='' # ex: proxy='proxysever.test.com:3128' or set JIRAFEAU_PROXY global variable
248 url='<?php echo $cfg['web_root'] . 'script.php'; ?>' # or set JIRAFEAU_URL ex: url='http://mysite/jirafeau/script.php'
249 time='none' # minute, hour, day, week, month, year or none. Or set JIRAFEAU_TIME.
250 one_time='' # ex: one_time="1" or set JIRAFEAU_ONE_TIME.
251 curl='' # curl path to download or set JIRAFEAU_CURL_PATH.
252 # End of config
253
254 if [ -n "$JIRAFEAU_PROXY" ]; then
255 proxy="$JIRAFEAU_PROXY"
256 fi
257
258 if [ -n "$JIRAFEAU_URL" ]; then
259 url="$JIRAFEAU_URL"
260 fi
261
262 if [ -z "$url" ]; then
263 echo "Please set url in script parameters or export JIRAFEAU_URL"
264 fi
265
266 if [ -n "$JIRAFEAU_TIME" ]; then
267 time="$JIRAFEAU_TIME"
268 fi
269
270 if [ -n "$JIRAFEAU_ONE_TIME" ]; then
271 one_time='1'
272 fi
273
274 if [ -z "$curl" ]; then
275 curl="$JIRAFEAU_CURL_PATH"
276 fi
277
278 if [ -z "$curl" ] && [ -e "/usr/bin/curl" ]; then
279 curl="/usr/bin/curl"
280 fi
281
282 if [ -z "$curl" ] && [ -e "/bin/curl.exe" ]; then
283 curl="/bin/curl.exe"
284 fi
285
286 if [ -z "$curl" ]; then
287 echo "Please set your curl binary path (by editing this script or export JIRAFEAU_CURL_PATH global variable)."
288 exit
289 fi
290
291 if [ -z "$2" ]; then
292 echo "man:"
293 echo " $0 send PATH [PASSWORD]"
294 echo " $0 get URL [PASSWORD]"
295 echo " $0 delete URL"
296 echo ""
297 echo "Global variables to export:"
298 echo " JIRAFEAU_PROXY : example: proxysever.test.com:3128"
299 echo " JIRAFEAU_URL : example: http://mysite/jirafeau/script.php"
300 echo " JIRAFEAU_TIME : minute, hour, day, week, year, month or none"
301 echo " JIRAFEAU_ONE_TIME : set anything or set empty"
302 echo " JIRAFEAU_CURL : path to your curl binary"
303
304 exit 0
305 fi
306
307 if [ -n "$proxy" ]; then
308 proxy="-x $proxy"
309 fi
310
311 options=''
312 if [ -n "$one_time" ]; then
313 options="$options -F one_time_download=1"
314 fi
315
316 password=''
317 if [ -n "$3" ]; then
318 password="$3"
319 options="$options -F key=$password"
320 fi
321
322 if [ "$1" == "send" ]; then
323 if [ ! -f "$2" ]; then
324 echo "File \"$2\" does not exists."
325 exit
326 fi
327
328 # Ret result
329 res=$($curl -X POST --http1.0 $proxy $options \
330 -F "time=$time" \
331 -F "file=@$2" \
332 $url)
333
334 if [[ "$res" == Error* ]]; then
335 echo "Error while uploading."
336 echo $res
337 exit
338 fi
339
340 # Not using head or tail to minimise command dependencies
341 code=$(cnt=0; echo "$res" | while read l; do
342 if [[ "$cnt" == "0" ]]; then
343 echo "$l"
344 fi
345 cnt=$(( cnt + 1 ))
346 done)
347 del_code=$(cnt=0; echo "$res" | while read l; do
348 if [[ "$cnt" == "1" ]]; then
349 echo "$l"
350 fi
351 cnt=$(( cnt + 1 ))
352 done)
353 echo "Download link:"
354 echo "${url}?h=$code"
355 echo "Direct download link:"
356 echo "${url}?h=$code&d=1"
357 echo "Delete link:"
358 echo "${url}?h=$code&d=$del_code"
359 elif [ "$1" == "get" ]; then
360 if [ -z "$password" ]; then
361 $curl $proxy -OJ "$2"
362 else
363 $curl $proxy -OJ -X POST -F key=$password "$2"
364 fi
365 elif [ "$1" == "delete" ]; then
366 $curl $proxy "$2"
367 fi
368 <?php
369 }
370 else
371 {
372 echo 'Error 12';
373 exit;
374 }
375 }
376 /* Create alias. */
377 elseif (isset ($_GET['alias_create']))
378 {
379 $ip = get_ip_address($cfg);
380 if (!jirafeau_challenge_upload_ip ($cfg, $ip))
381 {
382 echo 'Error 13';
383 exit;
384 }
385
386 if (jirafeau_has_upload_password ($cfg) &&
387 (!isset ($_POST['upload_password']) ||
388 !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
389 {
390 echo 'Error 14';
391 exit;
392 }
393
394 if (!isset ($_POST['alias']) ||
395 !isset ($_POST['destination']) ||
396 !isset ($_POST['password']))
397 {
398 echo 'Error 15';
399 exit;
400 }
401
402 echo jirafeau_alias_create ($_POST['alias'],
403 $_POST['destination'],
404 $_POST['password'],
405 $ip);
406 }
407 /* Get alias. */
408 elseif (isset ($_GET['alias_get']))
409 {
410 if (!isset ($_POST['alias']))
411 {
412 echo 'Error 16';
413 exit;
414 }
415
416 echo jirafeau_alias_get ($_POST['alias']);
417 }
418 /* Update alias. */
419 elseif (isset ($_GET['alias_update']))
420 {
421 if (!isset ($_POST['alias']) ||
422 !isset ($_POST['destination']) ||
423 !isset ($_POST['password']))
424 {
425 echo 'Error 17';
426 exit;
427 }
428
429 $new_password = '';
430 if (isset ($_POST['new_password']))
431 $new_password = $_POST['new_password'];
432
433 echo jirafeau_alias_update ($_POST['alias'],
434 $_POST['destination'],
435 $_POST['password'],
436 $new_password,
437 get_ip_address($cfg));
438 }
439 /* Delete alias. */
440 elseif (isset ($_GET['alias_delete']))
441 {
442 if (!isset ($_POST['alias']) ||
443 !isset ($_POST['password']))
444 {
445 echo 'Error 18';
446 exit;
447 }
448
449 echo jirafeau_alias_delete ($_POST['alias'],
450 $_POST['password']);
451 }
452 /* Initialize an asynchronous upload. */
453 elseif (isset ($_GET['init_async']))
454 {
455 if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg)))
456 {
457 echo 'Error 19';
458 exit;
459 }
460
461 if (jirafeau_has_upload_password ($cfg) &&
462 (!isset ($_POST['upload_password']) ||
463 !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password'])))
464 {
465 echo 'Error 20';
466 exit;
467 }
468
469 if (!isset ($_POST['filename']))
470 {
471 echo 'Error 21';
472 exit;
473 }
474
475 $type = '';
476 if (isset ($_POST['type']))
477 $type = $_POST['type'];
478
479 $key = '';
480 if (isset ($_POST['key']))
481 $key = $_POST['key'];
482
483 $time = time ();
484 if (!isset ($_POST['time']) || !$cfg['availabilities'][$_POST['time']])
485 {
486 echo 'Error 22';
487 exit;
488 }
489 else
490 switch ($_POST['time'])
491 {
492 case 'minute':
493 $time += JIRAFEAU_MINUTE;
494 break;
495 case 'hour':
496 $time += JIRAFEAU_HOUR;
497 break;
498 case 'day':
499 $time += JIRAFEAU_DAY;
500 break;
501 case 'week':
502 $time += JIRAFEAU_WEEK;
503 break;
504 case 'month':
505 $time += JIRAFEAU_MONTH;
506 break;
507 case 'year':
508 $time += JIRAFEAU_YEAR;
509 break;
510 default:
511 $time = JIRAFEAU_INFINITY;
512 break;
513 }
514 echo jirafeau_async_init ($_POST['filename'],
515 $type,
516 isset ($_POST['one_time_download']),
517 $key,
518 $time,
519 get_ip_address($cfg));
520 }
521 /* Continue an asynchronous upload. */
522 elseif (isset ($_GET['push_async']))
523 {
524 if ((!isset ($_POST['ref']))
525 || (!isset ($_FILES['data']))
526 || (!isset ($_POST['code'])))
527 echo 'Error 23';
528 else
529 {
530 echo jirafeau_async_push ($_POST['ref'],
531 $_FILES['data'],
532 $_POST['code'],
533 $cfg['maximal_upload_size']);
534 }
535 }
536 /* Finalize an asynchronous upload. */
537 elseif (isset ($_GET['end_async']))
538 {
539 if (!isset ($_POST['ref'])
540 || !isset ($_POST['code']))
541 echo 'Error 24';
542 else
543 echo jirafeau_async_end ($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length']);
544 }
545 else
546 echo 'Error 25';
547 exit;
548 ?>

patrick-canterino.de