X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/2fa05274bd24134ecf87bda06ce2626483ec3513..48a4d0a7e7535a5c05a5f6d2dde44c1ec066d822:/lib/functions.php?ds=inline diff --git a/lib/functions.php b/lib/functions.php index 1800231..c0e0c72 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -614,7 +614,7 @@ jirafeau_admin_list ($name, $file_hash, $link_hash) continue; /* Filter. */ - if (!empty ($name) && !preg_match ("/$name/i", $l['file_name'])) + if (!empty ($name) && !preg_match ("/$name/i", htmlspecialchars($l['file_name']))) continue; if (!empty ($file_hash) && $file_hash != $l['md5']) continue; @@ -626,7 +626,7 @@ jirafeau_admin_list ($name, $file_hash, $link_hash) '
' . '' . '' . - '' . + '' . '
'; echo ''; echo '' . $l['mime_type'] . ''; @@ -770,7 +770,7 @@ jirafeau_get_async_ref ($ref) /** * Delete async transfert informations - */ + */ function jirafeau_async_delete ($ref) { @@ -1108,31 +1108,64 @@ function jirafeau_challenge_upload_ip ($cfg, $ip) return false; } +/** Tell if we have some HTTP headers generated by a proxy */ +function has_http_forwarded() +{ + if (!empty ($_SERVER['HTTP_X_FORWARDED_FOR'])) + return true; + if (!empty ($_SERVER['http_X_forwarded_for'])) + return true; + return false; +} + +/** + * Generate IP list from HTTP headers generated by a proxy + * @return array of IP strings + */ +function get_ip_list_http_forwarded() +{ + $ip_list = array(); + if (!empty ($_SERVER['HTTP_X_FORWARDED_FOR'])) + { + $l = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']); + foreach ($l as $ip) + array_push ($ip_list, preg_replace ('/\s+/', '', $ip)); + } + if (!empty ($_SERVER['http_X_forwarded_for'])) + { + $l = explode (',', $_SERVER['http_X_forwarded_for']); + foreach ($l as $ip) + { + // Separate IP from port + $ip = explode (':', $ip)[0]; + array_push ($ip_list, preg_replace ('/\s+/', '', $ip)); + } + } + return $ip_list; +} + /** * Get the ip address of the client from REMOTE_ADDR * or from HTTP_X_FORWARDED_FOR if behind a proxy - * @returns an the client ip address + * @returns the client ip address */ function get_ip_address($cfg) { - if (count ($cfg['proxy_ip']) == 0 || - empty ($_SERVER['HTTP_X_FORWARDED_FOR'])) - return $_SERVER['REMOTE_ADDR']; + $remote = $_SERVER['REMOTE_ADDR']; + if (count ($cfg['proxy_ip']) == 0 || !has_http_forwarded ()) + return $remote; - $iplist = explode (',', $_SERVER['HTTP_X_FORWARDED_FOR']); - if (count ($iplist) == 0) - return $_SERVER['REMOTE_ADDR']; + $ip_list = get_ip_list_http_forwarded (); + if (count ($ip_list) == 0) + return $remote; foreach ($cfg['proxy_ip'] as $proxy_ip) { - if ($_SERVER['REMOTE_ADDR'] != $proxy_ip) + if ($remote != $proxy_ip) continue; - - // Take the last IP (the one which has been set by our proxy). - $ip = end($iplist); - $ip = preg_replace ('/\s+/', '', $ip); - return $ip; + // Take the last IP (the one which has been set by the defined proxy). + return end ($ip_list); } - return $_SERVER['REMOTE_ADDR']; + return $remote; } /** @@ -1145,3 +1178,172 @@ function hex_to_base64($hex) $b .= chr (hexdec ($pair)); return base64_encode ($b); } + +/** + * Read alias informations + * @return array containing informations. + */ +function +jirafeau_get_alias ($hash) +{ + $out = array (); + $link = VAR_ALIAS . s2p ("$hash") . $hash; + + if (!file_exists ($link)) + return $out; + + $c = file ($link); + $out['md5_password'] = trim ($c[0]); + $out['ip'] = trim ($c[1]); + $out['update_date'] = trim ($c[2]); + $out['destination'] = trim ($c[3], NL); + + return $out; +} + +/** Create an alias to a jirafeau's link. + * @param $alias alias name + * @param $destination reference of the destination + * @param $password password to protect alias + * @param $ip client's IP + * @return a string containing the edit code of the alias or the string "Error" + */ +function jirafeau_alias_create ($alias, $destination, $password, $ip) +{ + /* Check that alias and password are long enough. */ + if (strlen ($alias) < 8 || + strlen ($alias) > 32 || + strlen ($password) < 8 || + strlen ($password) > 32) + return "Error"; + + /* Check that destination exists. */ + $l = jirafeau_get_link ($destination); + if (!count ($l)) + return "Error"; + + /* Check that alias does not already exists. */ + $alias = md5 ($alias); + $p = VAR_ALIAS . s2p ($alias); + if (file_exists ($p)) + return "Error"; + + /* Create alias folder. */ + @mkdir ($p, 0755, true); + if (!file_exists ($p)) + return "Error"; + + /* Generate password. */ + $md5_password = md5 ($password); + + /* Store informations. */ + $p .= $alias; + $handle = fopen ($p, 'w'); + fwrite ($handle, + $md5_password . NL . + $ip . NL . + date ('U') . NL . + $destination . NL); + fclose ($handle); + + return "Ok"; +} + +/** Update an alias. + * @param $alias alias to update + * @param $destination reference of the new destination + * @param $password password to protect alias + * @param $new_password optional new password to protect alias + * @param $ip client's IP + * @return "Ok" or "Error" string + */ +function jirafeau_alias_update ($alias, $destination, $password, + $new_password, $ip) +{ + $alias = md5 ($alias); + /* Check that alias exits. */ + $a = jirafeau_get_alias ($alias); + if (!count ($a)) + return "Error"; + + /* Check that destination exists. */ + $l = jirafeau_get_link ($a["destination"]); + if (!count ($l)) + return "Error"; + + /* Check password. */ + if ($a["md5_password"] != md5 ($password)) + return "Error"; + + $p = $a["md5_password"]; + if (strlen ($new_password) >= 8 && + strlen ($new_password) <= 32) + $p = md5 ($new_password); + else if (strlen ($new_password) > 0) + return "Error"; + + /* Rewrite informations. */ + $p = VAR_ALIAS . s2p ($alias) . $alias; + $handle = fopen ($p, 'w'); + fwrite ($handle, + $p . NL . + $ip . NL . + date ('U') . NL . + $destination . NL); + fclose ($handle); + return "Ok"; +} + +/** Get an alias. + * @param $alias alias to get + * @return alias destination or "Error" string + */ +function jirafeau_alias_get ($alias) +{ + $alias = md5 ($alias); + /* Check that alias exits. */ + $a = jirafeau_get_alias ($alias); + if (!count ($a)) + return "Error"; + + return $a["destination"]; +} + +function jirafeau_clean_rm_alias ($alias) +{ + $p = s2p ("$alias"); + if (file_exists (VAR_ALIAS . $p . $alias)) + unlink (VAR_ALIAS . $p . $alias); + $parse = VAR_ALIAS . $p; + $scan = array(); + while (file_exists ($parse) + && ($scan = scandir ($parse)) + && count ($scan) == 2 // '.' and '..' folders => empty. + && basename ($parse) != basename (VAR_ALIAS)) + { + rmdir ($parse); + $parse = substr ($parse, 0, strlen($parse) - strlen(basename ($parse)) - 1); + } +} + +/** Delete an alias. + * @param $alias alias to delete + * @param $password password to protect alias + * @return "Ok" or "Error" string + */ +function jirafeau_alias_delete ($alias, $password) +{ + $alias = md5 ($alias); + /* Check that alias exits. */ + $a = jirafeau_get_alias ($alias); + if (!count ($a)) + return "Error"; + + /* Check password. */ + if ($a["md5_password"] != md5 ($password)) + return "Error"; + + jirafeau_clean_rm_alias ($alias); + return "Ok"; +} +