X-Git-Url: https://git.p6c8.net/jirafeau_project.git/blobdiff_plain/f58031f40640cc7c243a32d2c3515210ef4ed282..d9647e1afea29401470efd68730d2562659be006:/script.php?ds=sidebyside diff --git a/script.php b/script.php index a3568ee..1c154b1 100644 --- a/script.php +++ b/script.php @@ -82,6 +82,19 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0) echo '

'; echo t('Example') . ": " . $web_root . "script.php?get_capacity=1 "; echo '

'; + + echo '

' . t('Maximal allowed size of an uploaded file') . ':

'; + echo '

'; + echo t('Send a GET query to') . ': ' . $web_root . 'script.php
'; + echo '
'; + echo t('Parameters') . ':
'; + echo "get_maximal_upload_size=1 (" . t('Required') . ")
"; + echo '

'; + echo '

' . t('This will return brut text content.') . ' ' . + t('First line returns size (in MB).') . '

'; + echo '

'; + echo t('Example') . ": " . $web_root . "script.php?get_maximal_upload_size=1 "; + echo '

'; echo '

' . t('Upload a file') . ':

'; echo '

'; @@ -122,12 +135,12 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0) echo "h=your_download_reference (" . t('Required') . ")
"; echo "d=yout_delete_code (" . t('Required') . ")
"; echo '

'; - echo '

' . t('This will return "Ok" if succeded, "Error" otherwhise.') . '

'; + echo '

' . t('This will return "Ok" if succeeded, "Error" otherwhise.') . '

'; echo '

'; echo t('Example') . ": " . $web_root . "script.php?h=30ngy0hsDcpfrF8zR7x9iU&d=0d210a952 "; echo '

'; - echo '

' . t('Get a generated scripts') . ':

'; + echo '

' . t('Get a generated script') . ':

'; echo '

'; echo t('Send a GET query to') . ': ' . $web_root . 'script.php
'; echo '
'; @@ -144,9 +157,9 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0) echo "$name: " . $web_root . "script.php?lang=$lang "; echo '

'; - echo '

' . t('Initalize an asynchronous transfert') . ':

'; + echo '

' . t('Initalize an asynchronous transfer') . ':

'; echo '

'; - echo t('The goal is to permit to transfert big file, chunk by chunk.') . ' '; + echo t('The goal is to permit to transfer big file, chunk by chunk.') . ' '; echo t('Chunks of data must be sent in order.'); echo '

'; echo '

'; @@ -161,9 +174,9 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0) echo "upload_password=your_upload_password (" . t('Optional') . ")
"; echo '

'; echo '

' . t('This will return brut text content.') . ' ' . - t('First line is the asynchronous transfert reference and the second line the code to use in the next operation.') . '

'; + t('First line is the asynchronous transfer reference and the second line the code to use in the next operation.') . '

'; - echo '

' . t('Push data during asynchronous transfert') . ':

'; + echo '

' . t('Push data during asynchronous transfer') . ':

'; echo '

'; echo t('Send a GET query to') . ': ' . $web_root . 'script.php?push_async
'; echo '
'; @@ -175,7 +188,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET" && count ($_GET) == 0) echo '

' . t('This will return brut text content.') . ' ' . t('Returns the next code to use.') . '

'; - echo '

' . t('Finalize asynchronous transfert') . ':

'; + echo '

' . t('Finalize asynchronous transfer') . ':

'; echo '

'; echo t('Send a GET query to') . ': ' . $web_root . 'script.php?end_async
'; echo '
'; @@ -205,6 +218,12 @@ if (has_error ()) if (isset ($_FILES['file']) && is_writable (VAR_FILES) && is_writable (VAR_LINKS)) { + if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg))) + { + echo "Error"; + exit; + } + if (jirafeau_has_upload_password ($cfg) && (!isset ($_POST['upload_password']) || !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))) @@ -248,10 +267,19 @@ if (isset ($_FILES['file']) && is_writable (VAR_FILES) $time = JIRAFEAU_INFINITY; break; } + + // Check file size + if ($cfg['maximal_upload_size'] > 0 && + $_FILES['file']['size'] > $cfg['maximal_upload_size'] * 1024 * 1024) + { + echo "Error"; + exit; + } + $res = jirafeau_upload ($_FILES['file'], isset ($_POST['one_time_download']), - $key, $time, $_SERVER['REMOTE_ADDR'], - $cfg['enable_crypt'], $cfg['link_name_lenght']); + $key, $time, get_ip_address($cfg), + $cfg['enable_crypt'], $cfg['link_name_length']); if (empty($res) || $res['error']['has_error']) { @@ -336,6 +364,10 @@ elseif (isset ($_GET['get_capacity'])) echo min (jirafeau_ini_to_bytes (ini_get ('post_max_size')), jirafeau_ini_to_bytes (ini_get ('upload_max_filesize'))); } +elseif (isset ($_GET['get_maximal_upload_size'])) +{ + echo $cfg['maximal_upload_size']; +} elseif (isset ($_GET['get_version'])) { echo JIRAFEAU_VERSION; @@ -479,6 +511,12 @@ fi /* Initialize an asynchronous upload. */ elseif (isset ($_GET['init_async'])) { + if (!jirafeau_challenge_upload_ip ($cfg, get_ip_address($cfg))) + { + echo "Error"; + exit; + } + if (jirafeau_has_upload_password ($cfg) && (!isset ($_POST['upload_password']) || !jirafeau_challenge_upload_password ($cfg, $_POST['upload_password']))) @@ -537,7 +575,7 @@ elseif (isset ($_GET['init_async'])) isset ($_POST['one_time_download']), $key, $time, - $_SERVER['REMOTE_ADDR']); + get_ip_address($cfg)); } /* Continue an asynchronous upload. */ elseif (isset ($_GET['push_async'])) @@ -547,7 +585,12 @@ elseif (isset ($_GET['push_async'])) || (!isset ($_POST['code']))) echo "Error"; else - echo jirafeau_async_push ($_POST['ref'], $_FILES['data'], $_POST['code']); + { + echo jirafeau_async_push ($_POST['ref'], + $_FILES['data'], + $_POST['code'], + $cfg['maximal_upload_size']); + } } /* Finalize an asynchronous upload. */ elseif (isset ($_GET['end_async'])) @@ -556,7 +599,7 @@ elseif (isset ($_GET['end_async'])) || !isset ($_POST['code'])) echo "Error"; else - echo jirafeau_async_end ($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_lenght']); + echo jirafeau_async_end ($_POST['ref'], $_POST['code'], $cfg['enable_crypt'], $cfg['link_name_length']); } else echo "Error";