X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/6f8b5fe4757b151a042ea83adbce2eb6c218d104..db2c9c7773cd5d14b732689b2e844e62d2773be5:/lib/functions.php?ds=sidebyside diff --git a/lib/functions.php b/lib/functions.php index d844e50..3a50eac 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -374,7 +374,7 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $ip, $crypt, $l return (array( 'error' => array('has_error' => true, - 'why' => t('Internal error during file creation.')), + 'why' => t('INTERNAL_ERROR_DEL')), 'link' =>'', 'delete_link' => '')); } @@ -513,7 +513,7 @@ function check_errors($cfg) } if (!is_writable(VAR_ASYNC)) { - add_error(t('The async directory is not writable!'), VAR_ASYNC); + add_error(t('ASYNC_DIR_W'), VAR_ASYNC); } } @@ -553,28 +553,28 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) { echo '
'; if (!empty($name)) { - echo t('Filename') . ": $name "; + echo t('FILENAME') . ": $name "; } if (!empty($file_hash)) { - echo t('file') . ": $file_hash "; + echo t('FILE') . ": $file_hash "; } if (!empty($link_hash)) { - echo t('link') . ": $link_hash "; + echo t('LINK') . ": $link_hash "; } if (empty($name) && empty($file_hash) && empty($link_hash)) { - echo t('List all files'); + echo t('LS_FILES'); } echo ''; echo ''; echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; echo ''; /* Get all links files. */ @@ -597,7 +597,7 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) } /* Filter. */ - if (!empty($name) && !preg_match("/$name/i", htmlspecialchars($l['file_name']))) { + if (!empty($name) && !preg_match("/$name/i", jirafeau_escape($l['file_name']))) { continue; } if (!empty($file_hash) && $file_hash != $l['md5']) { @@ -609,10 +609,10 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) /* Print link informations. */ echo ''; echo ''; - echo ''; + echo ''; echo ''; echo ''; echo ''; echo ''; @@ -1070,22 +1070,26 @@ function jirafeau_challenge_upload_password($cfg, $password) /** * Test if visitor's IP is authorized to upload. - * @param $ip IP to be challenged + * + * @param $allowedIpList array of allowed IPs + * @param $challengedIp IP to be challenged * @return true if IP is authorized, false otherwise. */ -function jirafeau_challenge_upload_ip($cfg, $ip) +function jirafeau_challenge_upload_ip($allowedIpList, $challengedIp) { - if (count($cfg['upload_ip']) == 0) { + // skip if list is empty = all IPs allowed + if (count($allowedIpList) == 0) { return true; } - foreach ($cfg['upload_ip'] as $i) { - if ($i == $ip) { + // test given IP against each allowed IP + foreach ($allowedIpList as $i) { + if ($i == $challengedIp) { return true; } // CIDR test for IPv4 only. if (strpos($i, '/') !== false) { list($subnet, $mask) = explode('/', $i); - if ((ip2long($ip) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) { + if ((ip2long($challengedIp) & ~((1 << (32 - $mask)) - 1)) == ip2long($subnet)) { return true; } } @@ -1210,185 +1214,6 @@ function hex_to_base64($hex) return base64_encode($b); } -/** - * Read alias informations - * @return array containing informations. - */ -function jirafeau_get_alias($hash) -{ - $out = array(); - $link = VAR_ALIAS . s2p("$hash") . $hash; - - if (!file_exists($link)) { - return $out; - } - - $c = file($link); - $out['md5_password'] = trim($c[0]); - $out['ip'] = trim($c[1]); - $out['update_date'] = trim($c[2]); - $out['destination'] = trim($c[3], NL); - - return $out; -} - -/** Create an alias to a jirafeau's link. - * @param $alias alias name - * @param $destination reference of the destination - * @param $password password to protect alias - * @param $ip client's IP - * @return a string containing the edit code of the alias or the string "Error" - */ -function jirafeau_alias_create($alias, $destination, $password, $ip) -{ - /* Check that alias and password are long enough. */ - if (strlen($alias) < 8 || - strlen($alias) > 32 || - strlen($password) < 8 || - strlen($password) > 32) { - return 'Error'; - } - - /* Check that destination exists. */ - $l = jirafeau_get_link($destination); - if (!count($l)) { - return 'Error'; - } - - /* Check that alias does not already exists. */ - $alias = md5($alias); - $p = VAR_ALIAS . s2p($alias); - if (file_exists($p)) { - return 'Error'; - } - - /* Create alias folder. */ - @mkdir($p, 0755, true); - if (!file_exists($p)) { - return 'Error'; - } - - /* Generate password. */ - $md5_password = md5($password); - - /* Store informations. */ - $p .= $alias; - $handle = fopen($p, 'w'); - fwrite($handle, - $md5_password . NL . - $ip . NL . - time() . NL . - $destination . NL); - fclose($handle); - - return 'Ok'; -} - -/** Update an alias. - * @param $alias alias to update - * @param $destination reference of the new destination - * @param $password password to protect alias - * @param $new_password optional new password to protect alias - * @param $ip client's IP - * @return "Ok" or "Error" string - */ -function jirafeau_alias_update($alias, $destination, $password, - $new_password, $ip) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return 'Error'; - } - - /* Check that destination exists. */ - $l = jirafeau_get_link($a["destination"]); - if (!count($l)) { - return 'Error'; - } - - /* Check password. */ - if ($a["md5_password"] != md5($password)) { - return 'Error'; - } - - $p = $a['md5_password']; - if (strlen($new_password) >= 8 && - strlen($new_password) <= 32) { - $p = md5($new_password); - } elseif (strlen($new_password) > 0) { - return 'Error'; - } - - /* Rewrite informations. */ - $p = VAR_ALIAS . s2p($alias) . $alias; - $handle = fopen($p, 'w'); - fwrite($handle, - $p . NL . - $ip . NL . - time() . NL . - $destination . NL); - fclose($handle); - return 'Ok'; -} - -/** Get an alias. - * @param $alias alias to get - * @return alias destination or "Error" string - */ -function jirafeau_alias_get($alias) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return 'Error'; - } - - return $a['destination']; -} - -function jirafeau_clean_rm_alias($alias) -{ - $p = s2p("$alias"); - if (file_exists(VAR_ALIAS . $p . $alias)) { - unlink(VAR_ALIAS . $p . $alias); - } - $parse = VAR_ALIAS . $p; - $scan = array(); - while (file_exists($parse) - && ($scan = scandir($parse)) - && count($scan) == 2 // '.' and '..' folders => empty. - && basename($parse) != basename(VAR_ALIAS)) { - rmdir($parse); - $parse = substr($parse, 0, strlen($parse) - strlen(basename($parse)) - 1); - } -} - -/** Delete an alias. - * @param $alias alias to delete - * @param $password password to protect alias - * @return "Ok" or "Error" string - */ -function jirafeau_alias_delete($alias, $password) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return "Error"; - } - - /* Check password. */ - if ($a["md5_password"] != md5($password)) { - return 'Error'; - } - - jirafeau_clean_rm_alias($alias); - return 'Ok'; -} - /** * Replace markers in templates. * @@ -1418,3 +1243,8 @@ function jirafeau_replace_markers($content, $htmllinebreaks = false) return $content; } + +function jirafeau_escape($string) +{ + return htmlspecialchars($string, ENT_QUOTES); +}
' . t('Filename') . '' . t('Type') . '' . t('Size') . '' . t('Expire') . '' . t('Onetime') . '' . t('Upload date') . '' . t('Origin') . '' . t('Action') . '' . t('FILENAME') . '' . t('TYPE') . '' . t('SIZE') . '' . t('EXPIRE') . '' . t('ONETIME') . '' . t('UPLOAD_DATE') . '' . t('ORIGIN') . '' . t('ACTION') . '
' . - '' . htmlspecialchars($l['file_name']) . ''; + '' . jirafeau_escape($l['file_name']) . ''; echo '' . $l['mime_type'] . '' . jirafeau_escape($l['mime_type']) . '' . jirafeau_human_size($l['file_size']) . '' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . ''; @@ -628,17 +628,17 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) '
' . '' . '' . - '' . + '' . '
' . '
' . '' . '' . - '' . + '' . '
' . '
' . '' . '' . - '' . + '' . '
' . '