X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/3426456f3f8fcecd88b76f17f645b25969787f05..d8f36ea1fdc5bcfff3f193fea7625e7c2afd49d9:/script.php?ds=sidebyside
diff --git a/script.php b/script.php
index 2cc716b..9b8a104 100644
--- a/script.php
+++ b/script.php
@@ -25,15 +25,13 @@ require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
- global $script_langages;
- $script_langages = array('bash' => 'Bash');
+global $script_langages;
+$script_langages = array('bash' => 'Bash');
/* Operations may take a long time.
* Be sure PHP's safe mode is off.
*/
@set_time_limit(0);
-/* Remove errors. */
-@error_reporting(0);
if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
require(JIRAFEAU_ROOT . 'lib/template/header.php');
@@ -46,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
Scripting interface
This interface permits to script your uploads and downloads.
-
See source code of this interface to get available calls :)
+
See source code of this interface to get available calls :)
You may download a preconfigured Bash Script to easily send to and get files from the API via command line.
@@ -64,23 +62,34 @@ if (has_error()) {
exit;
}
+session_start();
+
/* Upload file */
if (isset($_FILES['file']) && is_writable(VAR_FILES)
&& is_writable(VAR_LINKS)) {
- if (isset ($_POST['upload_password'])) {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
+ if (!jirafeau_user_session_logged()) {
+ if (isset($_POST['upload_password']) &&
+ !jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 3: Invalid password';
exit;
- }
- } else {
- if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
+ } elseif (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), null)) {
echo 'Error 2: No password nor allowed IP';
exit;
}
}
+
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+ if (!preg_match($cfg['download_password_policy_regex'], $key)){
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ }elseif ($cfg['download_password_requirement'] !== 'optional'){
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
$time = time();
@@ -101,6 +110,9 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
case 'week':
$time += JIRAFEAU_WEEK;
break;
+ case 'fortnight':
+ $time += JIRAFEAU_FORTNIGHT;
+ break;
case 'month':
$time += JIRAFEAU_MONTH;
break;
@@ -110,7 +122,7 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
case 'year':
$time += JIRAFEAU_YEAR;
break;
- default:
+ default:
$time = JIRAFEAU_INFINITY;
break;
}
@@ -129,11 +141,22 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
exit;
}
- $res = jirafeau_upload($_FILES['file'],
- isset($_POST['one_time_download']),
- $key, $time, get_ip_address($cfg),
- $cfg['enable_crypt'], $cfg['link_name_length'],
- $cfg['file_hash']);
+ if ($cfg['store_uploader_ip']) {
+ $ip = get_ip_address($cfg);
+ } else {
+ $ip = "";
+ }
+
+ $res = jirafeau_upload(
+ $_FILES['file'],
+ isset($_POST['one_time_download']),
+ $key,
+ $time,
+ $ip,
+ $cfg['enable_crypt'],
+ $cfg['link_name_length'],
+ $cfg['file_hash']
+ );
if (empty($res) || $res['error']['has_error']) {
echo 'Error 6 ' . $res['error']['why'];
@@ -152,6 +175,15 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+ if (!preg_match($cfg['download_password_policy_regex'], $key)){
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ }elseif ($cfg['download_password_requirement'] !== 'optional'){
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
$d = '';
if (isset($_GET['d'])) {
@@ -198,7 +230,6 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
$r = fopen(VAR_FILES . $p . $link['hash'], 'r');
while (!feof($r)) {
print fread($r, 1024);
- ob_flush();
}
fclose($r);
@@ -249,8 +280,8 @@ if [ -n "$JIRAFEAU_ONE_TIME" ]; then
one_time='1'
fi
-if [ -n "$UPLOAD_PASSWD" ]; then
- upload_password="$JIRAFEAU_UPLOAD_PASSWORD"
+if [ -n "$JIRAFEAU_UPLOAD_PASSWD" ]; then
+ upload_password="$JIRAFEAU_UPLOAD_PASSWD"
fi
if [ -z "$curl" ]; then
@@ -282,9 +313,9 @@ if [ -z "$2" ]; then
echo " $0 delete URL"
echo
echo "Global variables to export:"
- echo " JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxysever.example.com:3128«"
+ echo " JIRAFEAU_PROXY: Domain and port of proxy server, eg. »proxyserver.example.com:3128«"
echo " JIRAFEAU_URL : URI to Jirafeau installation with trailing slash, eg. »https://example.com/jirafeau/«"
- echo " JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, »month«, »quarter«, »year« or »none«"
+ echo " JIRAFEAU_TIME : expiration time, eg. »minute«, »hour«, »day«, »week«, fortnight, »month«, »quarter«, »year« or »none«"
echo " JIRAFEAU_ONE_TIME : self-destroy after first download, eg. »1« to enable or »« (empty) to disable"
echo " JIRAFEAU_CURL : alternative path to curl binary"
echo " JIRAFEAU_UPLOAD_PASSWD : upload password"
@@ -370,12 +401,12 @@ if [ "$1" == "send" ]; then
echo
echo "Download via API:"
if [[ $key_code ]]; then
- echo " ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD}"
+ echo " ${0} get ${url}${apipage}?h=$code&k=$key_code [PASSWORD]"
else
- echo " ${0} get ${url}${apipage}?h=$code [PASSWORD}"
+ echo " ${0} get ${url}${apipage}?h=$code [PASSWORD]"
fi
echo "Delete via API:"
- echo " ${0} delete ${url}${downloadpage}?h=$code&d=$del_code"
+ echo " ${0} delete \"${url}${downloadpage}?h=$code&d=$del_code\""
elif [ "$1" == "get" ]; then
if [ -z "$password" ]; then
@@ -384,10 +415,9 @@ elif [ "$1" == "get" ]; then
$curl $proxy -OJ -X POST -F key=$password "$2"
fi
elif [ "$1" == "delete" ]; then
- $curl $proxy "$2"
+ $curl $proxy "$2" --data-raw "do_delete=1%2F" | grep "div class" |sed -e "s/<[^>]\+>//g"
fi