Pomf
/
uguu
1
1
Fork 0
Code Issues Pull Requests 1 Projects Releases 11 Wiki Activity
Browse Source

changes

remotes/r4jeshwar/master
Go Johansson 5 months ago
parent
99a7284a22
commit
0f8d4e9ce3
7 changed files with 14 additions and 601 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      static/php/api.php
  2. 83
      static/php/classes/Core.php
  3. 259
      static/php/classes/Response.class.php
  4. 133
      static/php/classes/Upload.php
  5. 63
      static/php/classes/UploadException.class.php
  6. 32
      static/php/classes/UploadedFile.class.php
  7. 24
      static/php/classes/errorReport.php

21
static/php/classes/Database.class.php → static/php/api.php
Unescape View File

@ -18,13 +18,20 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Settings.class.php';
require_once 'includes/Upload.class.php';
class Database extends Settings
{
public $db;
public function __construct()
{
$this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);
use Core\Response as Response;
if (isset($_FILES['files'])) {
$uploads = (new Upload())->reFiles($_FILES['files']);
foreach ($uploads as $upload) {
$res[] = (new Upload())->uploadFile($upload);
}
if (isset($res)) {
(new Response())->returnSuccess($res);
} else {
(new Response())->returnError(400, 'No input file(s)', 'N/A');
}
}

83
static/php/classes/Core.php
Unescape View File

@ -1,83 +0,0 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Core {
/**
* @property mixed $DB_CONN
*/
class Settings
{
public $DB_MODE;
public $DB_PATH;
public $DB_USER;
public $DB_PASS;
public $LOG_IP;
public $ANTI_DUPE;
public $BLACKLIST_DB;
public $FILTER_MODE;
public $FILES_ROOT;
public $FILES_RETRIES;
public $SSL;
public $URL;
public $NAME_LENGTH;
public $ID_CHARSET;
public $BLOCKED_EXTENSIONS;
public $BLOCKED_MIME;
public $DOUBLE_DOTS;
public function __constructSettings()
{
$settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
$this->DB_MODE = $settings_array['DB_MODE'];
$this->DB_PATH = $settings_array['DB_PATH'];
$this->DB_USER = $settings_array['DB_USER'];
$this->DB_PASS = $settings_array['DB_PASS'];
$this->LOG_IP = $settings_array['LOG_IP'];
$this->ANTI_DUPE = $settings_array['ANTI_DUPE'];
$this->BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
$this->FILTER_MODE = $settings_array['FILTER_MODE'];
$this->FILES_ROOT = $settings_array['FILES_ROOT'];
$this->FILES_RETRIES = $settings_array['FILES_RETRIES'];
$this->SSL = $settings_array['SSL'];
$this->URL = $settings_array['URL'];
$this->NAME_LENGTH = $settings_array['NAME_LENGTH'];
$this->ID_CHARSET = $settings_array['ID_CHARSET'];
$this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
$this->BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
$this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
}
}
class Database extends Settings
{
public $DB;
public function __constructDB()
{
$this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS);
}
}
}

259
static/php/classes/Response.class.php
Unescape View File

@ -1,259 +0,0 @@
<?php
/**
* The Response class is a do-it-all for getting responses out in different
* formats.
*
* @todo Create sub-classes to split and extend this god object.
*/
class Response
{
/**
* Indicates response type used for routing.
*
* Valid strings are 'csv', 'html', 'json' and 'text'.
*
* @var string Response type
*/
private $type;
/**
* Indicates requested response type.
*
* Valid strings are 'csv', 'html', 'json', 'gyazo' and 'text'.
*
* @param string|null $response_type Response type
*/
public function __construct($response_type = null)
{
switch ($response_type) {
case 'csv':
header('Content-Type: text/csv; charset=UTF-8');
$this->type = $response_type;
break;
case 'html':
header('Content-Type: text/html; charset=UTF-8');
$this->type = $response_type;
break;
case 'json':
header('Content-Type: application/json; charset=UTF-8');
$this->type = $response_type;
break;
case 'gyazo':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = 'text';
break;
case 'text':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = $response_type;
break;
default:
header('Content-Type: application/json; charset=UTF-8');
$this->type = 'json';
$this->error(400, 'Invalid response type. Valid options are: csv, html, json, text.');
break;
}
}
/**
* Routes error messages depending on response type.
*
* @param int $code HTTP status code number
* @param int $desc descriptive error message
*
* @return void
*/
public function error($code, $desc)
{
$response = null;
switch ($this->type) {
case 'csv':
$response = $this->csvError($desc);
break;
case 'html':
$response = $this->htmlError($code, $desc);
break;
case 'json':
$response = $this->jsonError($code, $desc);
break;
case 'text':
$response = $this->textError($code, $desc);
break;
}
//http_response_code(500); // "500 Internal Server Error"
echo $response;
}
/**
* Routes success messages depending on response type.
*
* @param mixed[] $files
*
* @return void
*/
public function send($files)
{
$response = null;
switch ($this->type) {
case 'csv':
$response = $this->csvSuccess($files);
break;
case 'html':
$response = $this->htmlSuccess($files);
break;
case 'json':
$response = $this->jsonSuccess($files);
break;
case 'text':
$response = $this->textSuccess($files);
break;
}
http_response_code(200); // "200 OK". Success.
echo $response;
}
/**
* Indicates with CSV body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $description descriptive error message
*
* @return string error message in CSV format
*/
private static function csvError($description)
{
return '"error"'."\r\n"."\"$description\""."\r\n";
}
/**
* Indicates with CSV body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in CSV format
*/
private static function csvSuccess($files)
{
$result = '"name","url","hash","size"'."\r\n";
foreach ($files as $file) {
$result .= '"'.$file['name'].'"'.','.
'"'.$file['url'].'"'.','.
'"'.$file['hash'].'"'.','.
'"'.$file['size'].'"'."\r\n";
}
return $result;
}
/**
* Indicates with HTML body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $code HTTP status code number
* @param int $description descriptive error message
*
* @return string error message in HTML format
*/
private static function htmlError($code, $description)
{
return '<p>ERROR: ('.$code.') '.$description.'</p>';
}
/**
* Indicates with HTML body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in HTML format
*/
private static function htmlSuccess($files)
{
$result = '';
foreach ($files as $file) {
$result .= '<a href="'.$file['url'].'">'.$file['url'].'</a><br>';
}
return $result;
}
/**
* Indicates with JSON body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $code HTTP status code number
* @param int $description descriptive error message
*
* @return string error message in pretty-printed JSON format
*/
private static function jsonError($code, $description)
{
return json_encode([
'success' => false,
'errorcode' => $code,
'description' => $description,
], JSON_PRETTY_PRINT);
}
/**
* Indicates with JSON body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in pretty-printed JSON format
*/
private static function jsonSuccess($files)
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Indicates with plain text body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $code HTTP status code number
* @param int $description descriptive error message
*
* @return string error message in plain text format
*/
private static function textError($code, $description)
{
return 'ERROR: ('.$code.') '.$description;
}
/**
* Indicates with plain text body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in plain text format
*/
private static function textSuccess($files)
{
$result = '';
foreach ($files as $file) {
$result .= $file['url']."\n";
}
return $result;
}
}

133
static/php/classes/Upload.php
Unescape View File

@ -1,133 +0,0 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Database.class.php';
class Upload extends Database, errorReport
{
public $FILE_NAME;
public $FILE_EXTENSION;
public $FILE_MIME;
public $NEW_NAME;
public $NEW_NAME_FULL;
public function fileInfo ($file)
{
if (isset($_FILES['files'])) {
$this->FILE_NAME = '';
$this->FILE_NAME = $file->name;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$this->FILE_MIME = finfo_file($finfo, $file->tempfile);
finfo_close($finfo);
// Check if extension is a double-dot extension and, if true, override $ext
foreach ($this->DOUBLE_DOTS as $ddot) {
if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
$this->FILE_EXTENSION = strrev($ddot);
} else {
$this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
}
}
}
}
public function checkFileBlacklist ($hash){
$q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q->bindValue(':hash', $hash, PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new Exception(
'File blacklisted!',
415
);
exit(0);
}
}
public function checkExtensionBlacklist($ext){
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
}
public function checkMimeBlacklist($mime){
//check if MIME is blacklisted
if (in_array($mime, unserialize($this->BLOCKED_MIME))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
}
public function generateName($file)
{
$this->fileInfo($file);
$error = new
do {
// Iterate until we reach the maximum number of retries
if ($this->FILES_RETRIES-- === 0) {
$error->throwError('500', 'Gave up trying to find an unused name', true);
}
for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
$this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))];
}
// Add the extension to the file name
if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
$this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION;
}
// Check if the file hash is blacklisted
if($this->BLACKLIST_DB){
$this->checkFileBlacklist($file->getSha1());
}
// Check if extension or mime is blacklisted
if($this->FILTER_MODE) {
$this->checkMimeBlacklist($this->FILE_MIME);
$this->checkExtensionBlacklist($this->FILE_EXTENSION);
}
// Check if a file with the same name does already exist in the database
$q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
$q->bindValue(':name', $name, PDO::PARAM_STR);
$q->execute();
$result = $q->fetchColumn();
// If it does, generate a new name
} while ($result > 0);
return $name;
}
}

63
static/php/classes/UploadException.class.php
Unescape View File

@ -1,63 +0,0 @@
<?php
/**
* Returns a human readable error description for file upload errors.
*
* @author Dan Brown <danbrown@php.net>
* @author Michiel Thalen
* @copyright Copyright © 1997 - 2016 by the PHP Documentation Group
* @license
* UploadException is licensed under a Creative Commons Attribution 3.0 License
* or later.
*
* Based on a work at
* https://secure.php.net/manual/en/features.file-upload.errors.php#89374.
*
* You should have received a copy of the Creative Commons Attribution 3.0
* License with this program. If not, see
* <https://creativecommons.org/licenses/by/3.0/>.
*/
class UploadException extends Exception
{
public function __construct($code)
{
$message = $this->codeToMessage($code);
parent::__construct($message, 500);
}
private function codeToMessage($code)
{
switch ($code) {
case UPLOAD_ERR_INI_SIZE:
$message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
break;
case UPLOAD_ERR_FORM_SIZE:
$message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was '.
'specified in the HTML form';
break;
case UPLOAD_ERR_PARTIAL:
$message = 'The uploaded file was only partially uploaded';
break;
case UPLOAD_ERR_NO_FILE:
$message = 'No file was uploaded';
break;
case UPLOAD_ERR_NO_TMP_DIR:
$message = 'Missing a temporary folder';
break;
case UPLOAD_ERR_CANT_WRITE:
$message = 'Failed to write file to disk';
break;
case UPLOAD_ERR_EXTENSION:
$message = 'File upload stopped by extension';
break;
default:
$message = 'Unknown upload error';
break;
}
return $message;
}
}

32
static/php/classes/UploadedFile.class.php
Unescape View File

@ -1,32 +0,0 @@
<?php
class UploadedFile
{
/* Public attributes */
public $name;
public $mime;
public $size;
public $tempfile;
public $error;
/**
* SHA-1 checksum
*
* @var string 40 digit hexadecimal hash (160 bits)
*/
private $sha1;
/**
* Generates the SHA-1 or returns the cached SHA-1 hash for the file.
*
* @return string|false $sha1
*/
public function getSha1()
{
if (!$this->sha1) {
$this->sha1 = sha1_file($this->tempfile);
}
return $this->sha1;
}
}

24
static/php/classes/errorReport.php
Unescape View File

@ -1,24 +0,0 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
class errorReport
{
}
Write Preview
Loading…
Cancel
Save