X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/bfbbf72959faa385b97d250484be1d25e4fd22aa..1066fd240bd13bd8cd475c4f8c16689646694af7:/script.php
diff --git a/script.php b/script.php
index 99ebfeb..8ebcce3 100644
--- a/script.php
+++ b/script.php
@@ -25,8 +25,8 @@ require(JIRAFEAU_ROOT . 'lib/settings.php');
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
- global $script_langages;
- $script_langages = array('bash' => 'Bash');
+global $script_langages;
+$script_langages = array('bash' => 'Bash');
/* Operations may take a long time.
* Be sure PHP's safe mode is off.
@@ -44,7 +44,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count($_GET) == 0) {
Scripting interface
This interface permits to script your uploads and downloads.
-
See source code of this interface to get available calls :)
+
See source code of this interface to get available calls :)
You may download a preconfigured Bash Script to easily send to and get files from the API via command line.
@@ -81,6 +81,15 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') {
+ if (!preg_match($cfg['download_password_policy_regex'], $key)) {
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ } elseif ($cfg['download_password_requirement'] !== 'optional') {
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
$time = time();
@@ -113,7 +122,7 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
case 'year':
$time += JIRAFEAU_YEAR;
break;
- default:
+ default:
$time = JIRAFEAU_INFINITY;
break;
}
@@ -166,6 +175,15 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') {
+ if (!preg_match($cfg['download_password_policy_regex'], $key)) {
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ } elseif ($cfg['download_password_requirement'] !== 'optional') {
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
$d = '';
if (isset($_GET['d'])) {
@@ -407,8 +425,8 @@ fi
}
/* Initialize an asynchronous upload. */
elseif (isset($_GET['init_async'])) {
- if (jirafeau_user_session_logged()) {}
- elseif (isset($_POST['upload_password'])) {
+ if (jirafeau_user_session_logged()) {
+ } elseif (isset($_POST['upload_password'])) {
if (!jirafeau_challenge_upload($cfg, get_ip_address($cfg), $_POST['upload_password'])) {
echo 'Error 20: Invalid password';
exit;
@@ -433,6 +451,15 @@ elseif (isset($_GET['init_async'])) {
$key = '';
if (isset($_POST['key'])) {
$key = $_POST['key'];
+ if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex') {
+ if (!preg_match($cfg['download_password_policy_regex'], $key)) {
+ echo 'Error 14: The download password is not complying to the security standards.';
+ exit;
+ }
+ }
+ } elseif ($cfg['download_password_requirement'] !== 'optional') {
+ echo 'Error 13: The parameter password is required.';
+ exit;
}
// Check if one time download is enabled