Browse Source

changes

remotes/r4jeshwar/master
Go Johansson 5 months ago
parent
commit
99a7284a22
  1. 8
      .idea/.gitignore
  2. 8
      .idea/Uguu.iml
  3. 6
      .idea/copyright/neku.xml
  4. 3
      .idea/copyright/profiles_settings.xml
  5. 8
      .idea/modules.xml
  6. 6
      .idea/vcs.xml
  7. 45
      dist.json
  8. 83
      static/php/classes/Core.php
  9. 30
      static/php/classes/Database.class.php
  10. 133
      static/php/classes/Upload.php
  11. 24
      static/php/classes/errorReport.php
  12. 6
      static/php/includes/database.inc.php
  13. 112
      static/php/includes/settings.inc.php

8
.idea/.gitignore vendored

@ -0,0 +1,8 @@
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml

8
.idea/Uguu.iml

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="WEB_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

6
.idea/copyright/neku.xml

@ -0,0 +1,6 @@
<component name="CopyrightManager">
<copyright>
<option name="notice" value="Uguu&#10;&#10;@copyright Copyright (c) &amp;#36;today.year Go Johansson (nekunekus) &lt;neku@pomf.se&gt; &lt;github.com/nokonoko&gt;&#10;&#10;This program is free software: you can redistribute it and/or modify&#10;it under the terms of the GNU General Public License as published by&#10;the Free Software Foundation, either version 3 of the License, or&#10;(at your option) any later version.&#10;&#10;This program is distributed in the hope that it will be useful,&#10;but WITHOUT ANY WARRANTY; without even the implied warranty of&#10;MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the&#10;GNU General Public License for more details.&#10;&#10;You should have received a copy of the GNU General Public License&#10;along with this program. If not, see &lt;https://www.gnu.org/licenses/&gt;." />
<option name="myName" value="neku" />
</copyright>
</component>

3
.idea/copyright/profiles_settings.xml

@ -0,0 +1,3 @@
<component name="CopyrightManager">
<settings default="neku" />
</component>

8
.idea/modules.xml

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/Uguu.iml" filepath="$PROJECT_DIR$/.idea/Uguu.iml" />
</modules>
</component>
</project>

6
.idea/vcs.xml

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" />
</component>
</project>

45
dist.json

@ -26,5 +26,48 @@
"ToolsDesc": "The following tools might need editing to work on this clone of Uguu, usually editing the URL works.",
"paypalUrl": "",
"bitcoinAddress": "",
"flattrUrl": ""
"flattrUrl": "",
"DB_MODE": "sqlite",
"DB_CONN": "/path/to/db/uguu.sq3",
"DB_USER": "NULL",
"DB_PASS": "NULL",
"LOG_IP": false,
"ANTI_DUPE": false,
"BLACKLIST_DB": true,
"FILTER_MODE": true,
"FILES_ROOT": "/path/files",
"FILES_RETRIES": 15,
"SSL": true,
"URL": "a.uguu.se",
"ID_CHARSET": "abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ",
"BLOCKED_EXTENSIONS": [
"exe",
"scr",
"com",
"vbs",
"bat",
"cmd",
"htm",
"html",
"jar",
"msi",
"apk",
"phtml",
"svg"
],
"BLOCKED_MIME": [
"application/msword",
"text/html",
"application/x-dosexec",
"application/java",
"application/java-archive",
"application/x-executable",
"application/x-mach-binary",
"image/svg+xml"
],
"DOUBLE_DOTS": [
"tar.gz",
"tar.cp"
]
}

83
static/php/classes/Core.php

@ -0,0 +1,83 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Core {
/**
* @property mixed $DB_CONN
*/
class Settings
{
public $DB_MODE;
public $DB_PATH;
public $DB_USER;
public $DB_PASS;
public $LOG_IP;
public $ANTI_DUPE;
public $BLACKLIST_DB;
public $FILTER_MODE;
public $FILES_ROOT;
public $FILES_RETRIES;
public $SSL;
public $URL;
public $NAME_LENGTH;
public $ID_CHARSET;
public $BLOCKED_EXTENSIONS;
public $BLOCKED_MIME;
public $DOUBLE_DOTS;
public function __constructSettings()
{
$settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
$this->DB_MODE = $settings_array['DB_MODE'];
$this->DB_PATH = $settings_array['DB_PATH'];
$this->DB_USER = $settings_array['DB_USER'];
$this->DB_PASS = $settings_array['DB_PASS'];
$this->LOG_IP = $settings_array['LOG_IP'];
$this->ANTI_DUPE = $settings_array['ANTI_DUPE'];
$this->BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
$this->FILTER_MODE = $settings_array['FILTER_MODE'];
$this->FILES_ROOT = $settings_array['FILES_ROOT'];
$this->FILES_RETRIES = $settings_array['FILES_RETRIES'];
$this->SSL = $settings_array['SSL'];
$this->URL = $settings_array['URL'];
$this->NAME_LENGTH = $settings_array['NAME_LENGTH'];
$this->ID_CHARSET = $settings_array['ID_CHARSET'];
$this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
$this->BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
$this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
}
}
class Database extends Settings
{
public $DB;
public function __constructDB()
{
$this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS);
}
}
}

30
static/php/classes/Database.class.php

@ -0,0 +1,30 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Settings.class.php';
class Database extends Settings
{
public $db;
public function __construct()
{
$this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);
}
}

133
static/php/classes/Upload.php

@ -0,0 +1,133 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Database.class.php';
class Upload extends Database, errorReport
{
public $FILE_NAME;
public $FILE_EXTENSION;
public $FILE_MIME;
public $NEW_NAME;
public $NEW_NAME_FULL;
public function fileInfo ($file)
{
if (isset($_FILES['files'])) {
$this->FILE_NAME = '';
$this->FILE_NAME = $file->name;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$this->FILE_MIME = finfo_file($finfo, $file->tempfile);
finfo_close($finfo);
// Check if extension is a double-dot extension and, if true, override $ext
foreach ($this->DOUBLE_DOTS as $ddot) {
if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
$this->FILE_EXTENSION = strrev($ddot);
} else {
$this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
}
}
}
}
public function checkFileBlacklist ($hash){
$q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q->bindValue(':hash', $hash, PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new Exception(
'File blacklisted!',
415
);
exit(0);
}
}
public function checkExtensionBlacklist($ext){
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
}
public function checkMimeBlacklist($mime){
//check if MIME is blacklisted
if (in_array($mime, unserialize($this->BLOCKED_MIME))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
}
public function generateName($file)
{
$this->fileInfo($file);
$error = new
do {
// Iterate until we reach the maximum number of retries
if ($this->FILES_RETRIES-- === 0) {
$error->throwError('500', 'Gave up trying to find an unused name', true);
}
for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
$this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))];
}
// Add the extension to the file name
if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
$this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION;
}
// Check if the file hash is blacklisted
if($this->BLACKLIST_DB){
$this->checkFileBlacklist($file->getSha1());
}
// Check if extension or mime is blacklisted
if($this->FILTER_MODE) {
$this->checkMimeBlacklist($this->FILE_MIME);
$this->checkExtensionBlacklist($this->FILE_EXTENSION);
}
// Check if a file with the same name does already exist in the database
$q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
$q->bindValue(':name', $name, PDO::PARAM_STR);
$q->execute();
$result = $q->fetchColumn();
// If it does, generate a new name
} while ($result > 0);
return $name;
}
}

24
static/php/classes/errorReport.php

@ -0,0 +1,24 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
class errorReport
{
}

6
static/php/includes/database.inc.php

@ -1,6 +0,0 @@
<?php
require_once 'settings.inc.php';
/* NOTE: we don't have to unref the PDO because we're not long-running */
$db = new PDO(UGUU_DB_CONN, UGUU_DB_USER, UGUU_DB_PASS);

112
static/php/includes/settings.inc.php

@ -1,112 +0,0 @@
<?php
/**
* User configurable settings for Uguu.
*/
/*
* PDO connection socket
*
* Database connection to use for communication. Currently, MySQL is the only
* DSN prefix supported.
*
* @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
* PDO_MYSQL DSN.
* @param string UGUU_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
*/
define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
/*
* PDO database login credentials
*/
/* @param string UGUU_DB_NAME Database username */
define('UGUU_DB_USER', 'NULL');
/* @param string UGUU_DB_PASS Database password */
define('UGUU_DB_PASS', 'NULL');
/**
* @param boolean Log IP of uploads
*/
define('LOG_IP', false);
/**
* @param boolean anti-dupe
*/
define('ANTI_DUPE', false);
/**
* @param boolean blacklist DB
* ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA!
*/
define('BLACKLIST_DB', false);
/*
* File system location where to store uploaded files
*
* @param string Path to directory with trailing delimiter
*/
define('UGUU_FILES_ROOT', '/path/to/file/');
/*
* Maximum number of iterations while generating a new filename
*
* Uguu uses an algorithm to generate random filenames. Sometimes a file may
* exist under a randomly generated filename, so we count tries and keep trying.
* If this value is exceeded, we give up trying to generate a new filename.
*
* @param int UGUU_FILES_RETRIES Number of attempts to retry
*/
define('UGUU_FILES_RETRIES', 15);
/*
* The length of generated filename (without file extension)
*
* @param int UGUU_FILES_LENGTH Number of random alphabetical ASCII characters
* to use
*/
define('UGUU_FILES_LENGTH', 8);
/*
* URI to prepend to links for uploaded files
*
* @param string UGUU_URL URI with trailing delimiter
*/
define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com/');
/*
* URI for filename generation
*
* @param string characters to be used in generateName()
*/
define('ID_CHARSET', 'abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ');
/*
* Filtered mime types
*/
define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml', 'svg']));
define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
/**
* Whitelist or blacklist mode
* @param boolean blacklist (false) | whitelist (true)
*/
define('CONFIG_FILTER_MODE', false);
/**
* Double dot file extensions.
*
* Uguu keeps the last file extension for the uploaded file. In other words, an
* uploaded file with `.tar.gz` extension will be given a random filename which
* ends in `.gz` unless configured here to ignore discards for `.tar.gz`.
*
* @param string[] $doubledots Array of double dot file extensions strings
* without the first prefixing dot
*/
$doubledots = array_map('strrev', [
'tar.gz',
'tar.bz',
'tar.bz2',
'tar.xz',
'user.js',
]);
Loading…
Cancel
Save