X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/b402561271f0de4f4c12fc8f8c7d51d12e0a3e5c..f07477cb289eb839af7255b25188765d5e49ad94:/lib/functions.php?ds=sidebyside diff --git a/lib/functions.php b/lib/functions.php index 7d15e1b..2817aa1 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -204,7 +204,7 @@ function jirafeau_ini_to_bytes($value) function jirafeau_get_max_upload_size_bytes() { return min(jirafeau_ini_to_bytes(ini_get('post_max_size')), - jirafeau_ini_to_bytes(ini_get('upload_max_filesize'))); + jirafeau_ini_to_bytes(ini_get('upload_max_filesize'))); } /** @@ -213,9 +213,7 @@ function jirafeau_get_max_upload_size_bytes() */ function jirafeau_get_max_upload_size() { - return jirafeau_human_size( - min(jirafeau_ini_to_bytes(ini_get('post_max_size')), - jirafeau_ini_to_bytes(ini_get('upload_max_filesize')))); + return jirafeau_human_size(jirafeau_get_max_upload_size_bytes()); } /** @@ -374,7 +372,7 @@ function jirafeau_upload($file, $one_time_download, $key, $time, $ip, $crypt, $l return (array( 'error' => array('has_error' => true, - 'why' => t('Internal error during file creation.')), + 'why' => t('INTERNAL_ERROR_DEL')), 'link' =>'', 'delete_link' => '')); } @@ -500,20 +498,17 @@ function check_errors($cfg) exit; } - /* check if the destination dirs are writable */ - $writable = is_writable(VAR_FILES) && is_writable(VAR_LINKS); - /* Checking for errors. */ if (!is_writable(VAR_FILES)) { - add_error(t('The file directory is not writable!'), VAR_FILES); + add_error(t('FILE_DIR_W'), VAR_FILES); } if (!is_writable(VAR_LINKS)) { - add_error(t('The link directory is not writable!'), VAR_LINKS); + add_error(t('LINK_DIR_W'), VAR_LINKS); } if (!is_writable(VAR_ASYNC)) { - add_error(t('The async directory is not writable!'), VAR_ASYNC); + add_error(t('ASYNC_DIR_W'), VAR_ASYNC); } } @@ -553,28 +548,28 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) { echo '
'; if (!empty($name)) { - echo t('Filename') . ": $name "; + echo t('FILENAME') . ": " . jirafeau_escape($name); } if (!empty($file_hash)) { - echo t('file') . ": $file_hash "; + echo t('FILE') . ": " . jirafeau_escape($file_hash); } if (!empty($link_hash)) { - echo t('link') . ": $link_hash "; + echo t('LINK') . ": " . jirafeau_escape($link_hash); } if (empty($name) && empty($file_hash) && empty($link_hash)) { - echo t('List all files'); + echo t('LS_FILES'); } echo ''; echo ''; echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; echo ''; /* Get all links files. */ @@ -597,7 +592,7 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) } /* Filter. */ - if (!empty($name) && !preg_match("/$name/i", htmlspecialchars($l['file_name']))) { + if (!empty($name) && !@preg_match("/$name/i", jirafeau_escape($l['file_name']))) { continue; } if (!empty($file_hash) && $file_hash != $l['md5']) { @@ -609,10 +604,10 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) /* Print link informations. */ echo ''; echo ''; - echo ''; + echo ''; echo ''; echo ''; echo ''; echo ''; @@ -1110,6 +1108,21 @@ function jirafeau_challenge_upload ($cfg, $ip, $password) return true; } + // Allow if ip is in array (no password) + foreach ($cfg['upload_ip_nopassword'] as $i) { + if ($i == $ip) { + return true; + } + // CIDR test for IPv4 only. + if (strpos ($i, '/') !== false) + { + list ($subnet, $mask) = explode('/', $i); + if ((ip2long ($ip) & ~((1 << (32 - $mask)) - 1) ) == ip2long ($subnet)) { + return true; + } + } + } + // Allow if ip is in array foreach ($cfg['upload_ip'] as $i) { if ($i == $ip) { @@ -1214,185 +1227,6 @@ function hex_to_base64($hex) return base64_encode($b); } -/** - * Read alias informations - * @return array containing informations. - */ -function jirafeau_get_alias($hash) -{ - $out = array(); - $link = VAR_ALIAS . s2p("$hash") . $hash; - - if (!file_exists($link)) { - return $out; - } - - $c = file($link); - $out['md5_password'] = trim($c[0]); - $out['ip'] = trim($c[1]); - $out['update_date'] = trim($c[2]); - $out['destination'] = trim($c[3], NL); - - return $out; -} - -/** Create an alias to a jirafeau's link. - * @param $alias alias name - * @param $destination reference of the destination - * @param $password password to protect alias - * @param $ip client's IP - * @return a string containing the edit code of the alias or the string "Error" - */ -function jirafeau_alias_create($alias, $destination, $password, $ip) -{ - /* Check that alias and password are long enough. */ - if (strlen($alias) < 8 || - strlen($alias) > 32 || - strlen($password) < 8 || - strlen($password) > 32) { - return 'Error'; - } - - /* Check that destination exists. */ - $l = jirafeau_get_link($destination); - if (!count($l)) { - return 'Error'; - } - - /* Check that alias does not already exists. */ - $alias = md5($alias); - $p = VAR_ALIAS . s2p($alias); - if (file_exists($p)) { - return 'Error'; - } - - /* Create alias folder. */ - @mkdir($p, 0755, true); - if (!file_exists($p)) { - return 'Error'; - } - - /* Generate password. */ - $md5_password = md5($password); - - /* Store informations. */ - $p .= $alias; - $handle = fopen($p, 'w'); - fwrite($handle, - $md5_password . NL . - $ip . NL . - time() . NL . - $destination . NL); - fclose($handle); - - return 'Ok'; -} - -/** Update an alias. - * @param $alias alias to update - * @param $destination reference of the new destination - * @param $password password to protect alias - * @param $new_password optional new password to protect alias - * @param $ip client's IP - * @return "Ok" or "Error" string - */ -function jirafeau_alias_update($alias, $destination, $password, - $new_password, $ip) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return 'Error'; - } - - /* Check that destination exists. */ - $l = jirafeau_get_link($a["destination"]); - if (!count($l)) { - return 'Error'; - } - - /* Check password. */ - if ($a["md5_password"] != md5($password)) { - return 'Error'; - } - - $p = $a['md5_password']; - if (strlen($new_password) >= 8 && - strlen($new_password) <= 32) { - $p = md5($new_password); - } elseif (strlen($new_password) > 0) { - return 'Error'; - } - - /* Rewrite informations. */ - $p = VAR_ALIAS . s2p($alias) . $alias; - $handle = fopen($p, 'w'); - fwrite($handle, - $p . NL . - $ip . NL . - time() . NL . - $destination . NL); - fclose($handle); - return 'Ok'; -} - -/** Get an alias. - * @param $alias alias to get - * @return alias destination or "Error" string - */ -function jirafeau_alias_get($alias) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return 'Error'; - } - - return $a['destination']; -} - -function jirafeau_clean_rm_alias($alias) -{ - $p = s2p("$alias"); - if (file_exists(VAR_ALIAS . $p . $alias)) { - unlink(VAR_ALIAS . $p . $alias); - } - $parse = VAR_ALIAS . $p; - $scan = array(); - while (file_exists($parse) - && ($scan = scandir($parse)) - && count($scan) == 2 // '.' and '..' folders => empty. - && basename($parse) != basename(VAR_ALIAS)) { - rmdir($parse); - $parse = substr($parse, 0, strlen($parse) - strlen(basename($parse)) - 1); - } -} - -/** Delete an alias. - * @param $alias alias to delete - * @param $password password to protect alias - * @return "Ok" or "Error" string - */ -function jirafeau_alias_delete($alias, $password) -{ - $alias = md5($alias); - /* Check that alias exits. */ - $a = jirafeau_get_alias($alias); - if (!count($a)) { - return "Error"; - } - - /* Check password. */ - if ($a["md5_password"] != md5($password)) { - return 'Error'; - } - - jirafeau_clean_rm_alias($alias); - return 'Ok'; -} - /** * Replace markers in templates. * @@ -1422,3 +1256,34 @@ function jirafeau_replace_markers($content, $htmllinebreaks = false) return $content; } + +function jirafeau_escape($string) +{ + return htmlspecialchars($string, ENT_QUOTES); +} + +function jirafeau_admin_session_start() +{ + $_SESSION['admin_auth'] = true; + $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true)); +} + +function jirafeau_admin_session_end() +{ + $_SESSION = array(); + session_destroy(); +} + +function jirafeau_admin_session_logged() +{ + return isset($_SESSION['admin_auth']) && + isset($_SESSION['admin_csrf']) && + isset($_POST['admin_csrf']) && + $_SESSION['admin_auth'] === true && + $_SESSION['admin_csrf'] === $_POST['admin_csrf']; +} + +function jirafeau_admin_csrf_field() +{ + return ""; +}
' . t('Filename') . '' . t('Type') . '' . t('Size') . '' . t('Expire') . '' . t('Onetime') . '' . t('Upload date') . '' . t('Origin') . '' . t('Action') . '' . t('FILENAME') . '' . t('TYPE') . '' . t('SIZE') . '' . t('EXPIRE') . '' . t('ONETIME') . '' . t('UPLOAD_DATE') . '' . t('ORIGIN') . '' . t('ACTION') . '
' . - '' . htmlspecialchars($l['file_name']) . ''; + '' . jirafeau_escape($l['file_name']) . ''; echo '' . $l['mime_type'] . '' . jirafeau_escape($l['mime_type']) . '' . jirafeau_human_size($l['file_size']) . '' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . ''; @@ -628,17 +623,20 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) '
' . '' . '' . - '' . + jirafeau_admin_csrf_field() . + '' . '
' . '
' . '' . '' . - '' . + jirafeau_admin_csrf_field() . + '' . '
' . '
' . '' . '' . - '' . + jirafeau_admin_csrf_field() . + '' . '
' . '