X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/17d5977bf8d24a1b0abb5f52a8453322f21a994d..a046e3b04175367c1afadd306513414fa61ba3fd:/script.php diff --git a/script.php b/script.php index b861a47..c0cee68 100644 --- a/script.php +++ b/script.php @@ -1,7 +1,9 @@ * Copyright (C) 2015 Jerome Jutteau + * Copyright (C) 2024 Jirafeau project (see AUTHORS.md) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -44,7 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {

Scripting interface

This interface permits to script your uploads and downloads.

-

See source code of this interface to get available calls :)

+

See source code of this interface to get available calls :)

You may download a preconfigured Bash Script to easily send to and get files from the API via command line.


@@ -81,42 +83,22 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES) $key = ''; if (isset($_POST['key'])) { $key = $_POST['key']; + if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') { + if (!preg_match($cfg['download_password_policy_regex'], $key)) { + echo 'Error 14: The download password is not complying to the security standards.'; + exit; + } + } + } elseif ($cfg['download_password_requirement'] !== 'optional') { + echo 'Error 13: The parameter password is required.'; + exit; } - $time = time(); if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) { echo 'Error 4: The parameter time is invalid.'; exit; } else { - switch ($_POST['time']) { - case 'minute': - $time += JIRAFEAU_MINUTE; - break; - case 'hour': - $time += JIRAFEAU_HOUR; - break; - case 'day': - $time += JIRAFEAU_DAY; - break; - case 'week': - $time += JIRAFEAU_WEEK; - break; - case 'fortnight': - $time += JIRAFEAU_FORTNIGHT; - break; - case 'month': - $time += JIRAFEAU_MONTH; - break; - case 'quarter': - $time += JIRAFEAU_QUARTER; - break; - case 'year': - $time += JIRAFEAU_YEAR; - break; - default: - $time = JIRAFEAU_INFINITY; - break; - } + $time = jirafeau_datestr_to_int($_POST['time']); } // Check file size @@ -166,6 +148,15 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES) $key = ''; if (isset($_POST['key'])) { $key = $_POST['key']; + if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') { + if (!preg_match($cfg['download_password_policy_regex'], $key)) { + echo 'Error 14: The download password is not complying to the security standards.'; + exit; + } + } + } elseif ($cfg['download_password_requirement'] !== 'optional') { + echo 'Error 13: The parameter password is required.'; + exit; } $d = ''; if (isset($_GET['d'])) { @@ -433,6 +424,15 @@ elseif (isset($_GET['init_async'])) { $key = ''; if (isset($_POST['key'])) { $key = $_POST['key']; + if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') { + if (!preg_match($cfg['download_password_policy_regex'], $key)) { + echo 'Error 14: The download password is not complying to the security standards.'; + exit; + } + } + } elseif ($cfg['download_password_requirement'] !== 'optional') { + echo 'Error 13: The parameter password is required.'; + exit; } // Check if one time download is enabled @@ -441,40 +441,11 @@ elseif (isset($_GET['init_async'])) { exit; } - $time = time(); if (!isset($_POST['time']) || !$cfg['availabilities'][$_POST['time']]) { echo 'Error 22'; exit; } else { - switch ($_POST['time']) { - case 'minute': - $time += JIRAFEAU_MINUTE; - break; - case 'hour': - $time += JIRAFEAU_HOUR; - break; - case 'day': - $time += JIRAFEAU_DAY; - break; - case 'week': - $time += JIRAFEAU_WEEK; - break; - case 'fortnight': - $time += JIRAFEAU_FORTNIGHT; - break; - case 'month': - $time += JIRAFEAU_MONTH; - break; - case 'quarter': - $time += JIRAFEAU_QUARTER; - break; - case 'year': - $time += JIRAFEAU_YEAR; - break; - default: - $time = JIRAFEAU_INFINITY; - break; - } + $time = jirafeau_datestr_to_int($_POST['time']); } if ($cfg['store_uploader_ip']) {