
13 changed files with 353 additions and 119 deletions
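--- /dev/null
+++ b/PATH_NOT_SHOWN_1
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml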
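--- /dev/null
+++ b/PATH_NOT_SHOWN_2
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+<component name="NewModuleRootManager">
+<content url="file://$MODULE_DIR$" />
+<orderEntry type="inheritedJdk" />
+<orderEntry type="sourceFolder" forTests="false" />
+</component>
+</module>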
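--- /dev/null
+++ b/PATH_NOT_SHOWN_3
@@ -0,0 +1,6 @@
+<component name="CopyrightManager">
+<copyright>
+<option name="notice" value="Uguu @copyright Copyright (c) &#36;today.year Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>." />
+<option name="myName" value="neku" />
+</copyright>
+</component>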
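--- /dev/null
+++ b/PATH_NOT_SHOWN_4
@@ -0,0 +1,3 @@
+<component name="CopyrightManager">
+<settings default="neku" />
+</component>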
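--- /dev/null
+++ b/PATH_NOT_SHOWN_5
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+<component name="ProjectModuleManager">
+<modules>
+<module fileurl="file://$PROJECT_DIR$/.idea/Uguu.iml" filepath="$PROJECT_DIR$/.idea/Uguu.iml" />
+</modules>
+</component>
+</project>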
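--- /dev/null
+++ b/PATH_NOT_SHOWN_6
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+<component name="VcsDirectoryMappings">
+<mapping directory="$PROJECT_DIR$" vcs="Git" />
+</component>
+</project>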
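--- /dev/null
+++ b/PATH_NOT_SHOWN_7
@@ -0,0 +1,83 @@
+<?php
+/*
+* Uguu
+*
+* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+namespace Core {
+
+/**
+* @property mixed $DB_CONN
+*/
+class Settings
+{
+
+public $DB_MODE;
+public $DB_PATH;
+public $DB_USER;
+public $DB_PASS;
+
+public $LOG_IP;
+public $ANTI_DUPE;
+public $BLACKLIST_DB;
+public $FILTER_MODE;
+
+public $FILES_ROOT;
+public $FILES_RETRIES;
+
+public $SSL;
+public $URL;
+
+public $NAME_LENGTH;
+public $ID_CHARSET;
+public $BLOCKED_EXTENSIONS;
+public $BLOCKED_MIME;
+public $DOUBLE_DOTS;
+
+public function __constructSettings()
+{
+$settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
+$this->DB_MODE = $settings_array['DB_MODE'];
+$this->DB_PATH = $settings_array['DB_PATH'];
+$this->DB_USER = $settings_array['DB_USER'];
+$this->DB_PASS = $settings_array['DB_PASS'];
+$this->LOG_IP = $settings_array['LOG_IP'];
+$this->ANTI_DUPE = $settings_array['ANTI_DUPE'];
+$this->BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
+$this->FILTER_MODE = $settings_array['FILTER_MODE'];
+$this->FILES_ROOT = $settings_array['FILES_ROOT'];
+$this->FILES_RETRIES = $settings_array['FILES_RETRIES'];
+$this->SSL = $settings_array['SSL'];
+$this->URL = $settings_array['URL'];
+$this->NAME_LENGTH = $settings_array['NAME_LENGTH'];
+$this->ID_CHARSET = $settings_array['ID_CHARSET'];
+$this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
+$this->BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
+$this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
+}
+}
+
+class Database extends Settings
+{
+public $DB;
+
+public function __constructDB()
+{
+$this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS);
+}
+}
+}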
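Review bot: `new PDO(...)` in `__constructDB` is written inside `namespace Core {`, so the name resolves to `Core\PDO` and the call fails unless it is spelled `new \PDO(...)` or the file adds `use PDO;`. Neither `__constructSettings` nor `__constructDB` is a PHP constructor (only `__construct` runs automatically), so every property stays null until a caller invokes them explicitly; if that is intended, a comment on each should say who is expected to call it. `__constructSettings` also reads a hard-coded absolute path on one developer's machine (`/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json`) and uses the result of `json_decode(file_get_contents(...), true)` without checking for `false`/`null`, which on any other host surfaces as array access on null; a path relative to the install plus `json_decode($raw, true, flags: JSON_THROW_ON_ERROR)` would fail loudly instead. Since that file presumably carries `DB_USER`/`DB_PASS`, the docblock should also state that it must live outside the web root.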
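--- /dev/null
+++ b/PATH_NOT_SHOWN_8
@@ -0,0 +1,30 @@
+<?php
+/*
+* Uguu
+*
+* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+require_once 'Settings.class.php';
+
+class Database extends Settings
+{
+public $db;
+public function __construct()
+{
+$this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);
+}
+}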
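Review bot: `$this->DB_CONN` in `$this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);` refers to a property the new `Settings` class only mentions in a `@property` docblock; its real fields are `DB_MODE` and `DB_PATH`, so the DSN passed here is null. The `Core\Database::__constructDB` variant in this same commit builds the DSN as `$this->DB_MODE.':'.$this->DB_PATH`, and the two files should agree on one implementation rather than ship two `Database` classes. This file has no namespace while `Settings` is declared inside `namespace Core`, so `class Database extends Settings` looks up `\Settings`, not `\Core\Settings`; `use Core\Settings;` after the `require_once` would resolve it. Consider also passing `[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]` as the fourth argument so the blacklist queries use real server-side prepares and connection or query failures throw instead of returning false.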
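--- /dev/null
+++ b/PATH_NOT_SHOWN_9
@@ -0,0 +1,133 @@
+<?php
+/*
+* Uguu
+*
+* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+require_once 'Database.class.php';
+
+class Upload extends Database, errorReport
+{
+public $FILE_NAME;
+public $FILE_EXTENSION;
+public $FILE_MIME;
+
+public $NEW_NAME;
+public $NEW_NAME_FULL;
+
+public function fileInfo ($file)
+{
+if (isset($_FILES['files'])) {
+$this->FILE_NAME = '';
+$this->FILE_NAME = $file->name;
+$finfo = finfo_open(FILEINFO_MIME_TYPE);
+$this->FILE_MIME = finfo_file($finfo, $file->tempfile);
+finfo_close($finfo);
+
+// Check if extension is a double-dot extension and, if true, override $ext
+foreach ($this->DOUBLE_DOTS as $ddot) {
+if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
+$this->FILE_EXTENSION = strrev($ddot);
+} else {
+$this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
+}
+}
+}
+}
+
+public function checkFileBlacklist ($hash){
+$q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
+$q->bindValue(':hash', $hash, PDO::PARAM_STR);
+$q->execute();
+$result = $q->fetch();
+if ($result['count'] > 0) {
+http_response_code(415);
+throw new Exception(
+'File blacklisted!',
+415
+);
+exit(0);
+}
+}
+
+public function checkExtensionBlacklist($ext){
+//Check if EXT is blacklisted
+if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
+http_response_code(415);
+throw new Exception(
+'File type not allowed!',
+415
+);
+exit(0);
+}
+}
+
+public function checkMimeBlacklist($mime){
+//check if MIME is blacklisted
+if (in_array($mime, unserialize($this->BLOCKED_MIME))) {
+http_response_code(415);
+throw new Exception(
+'File type not allowed!',
+415
+);
+exit(0);
+}
+}
+
+public function generateName($file)
+{
+$this->fileInfo($file);
+$error = new
+do {
+// Iterate until we reach the maximum number of retries
+if ($this->FILES_RETRIES-- === 0) {
+$error->throwError('500', 'Gave up trying to find an unused name', true);
+}
+
+
+
+
+for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
+$this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))];
+}
+
+// Add the extension to the file name
+if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
+$this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION;
+}
+
+// Check if the file hash is blacklisted
+if($this->BLACKLIST_DB){
+$this->checkFileBlacklist($file->getSha1());
+}
+
+// Check if extension or mime is blacklisted
+if($this->FILTER_MODE) {
+$this->checkMimeBlacklist($this->FILE_MIME);
+$this->checkExtensionBlacklist($this->FILE_EXTENSION);
+}
+
+// Check if a file with the same name does already exist in the database
+$q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
+$q->bindValue(':name', $name, PDO::PARAM_STR);
+$q->execute();
+$result = $q->fetchColumn();
+// If it does, generate a new name
+} while ($result > 0);
+
+return $name;
+}
+}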
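Review bot: The mime and extension blacklist checks in `generateName` run only `if($this->FILTER_MODE)`, but in the `settings.inc.php` this commit deletes, `CONFIG_FILTER_MODE` meant blacklist (`false`, the default) versus whitelist (`true`); if `dist.json` keeps that meaning, a default install never calls `checkMimeBlacklist` or `checkExtensionBlacklist`, so the condition should be inverted or the flag given a clearly "enable filtering" name. In the same loop `$this->NEW_NAME` is never reset between retries, `mt_rand(0, strlen($this->ID_CHARSET))` can yield an index one past the last character (and `random_int` is the right source for names that are meant to be unguessable), and the duplicate-name query uses `$db` and `$name`, which are undefined in this method — it should use `$this->db` and the name just generated; a rewrite of that loop is below. `checkExtensionBlacklist` still reads the deleted constant `CONFIG_BLOCKED_EXTENSIONS` instead of `$this->BLOCKED_EXTENSIONS`, and `unserialize()` on values that now come from JSON will not produce arrays, so both `in_array` calls should take the decoded arrays directly with `strict: true`. Finally, `class Upload extends Database, errorReport` and the dangling `$error = new` are not valid PHP, so the file does not parse as committed.
```php
public function generateName($file)
{
    $this->fileInfo($file);
    do {
        // … unchanged: retry counter / give-up handling …

        // Start from an empty name on every attempt; random_int() is a CSPRNG
        // and its upper bound is inclusive, hence the -1.
        $this->NEW_NAME = '';
        for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
            $this->NEW_NAME .= $this->ID_CHARSET[random_int(0, strlen($this->ID_CHARSET) - 1)];
        }

        // Full name always set, with the extension appended when there is one
        $this->NEW_NAME_FULL = $this->NEW_NAME;
        if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
            $this->NEW_NAME_FULL .= '.'.$this->FILE_EXTENSION;
        }

        // … unchanged: hash / mime / extension blacklist checks …

        // Check if a file with the same name does already exist in the database
        $q = $this->db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
        $q->bindValue(':name', $this->NEW_NAME_FULL, PDO::PARAM_STR);
        $q->execute();
        $result = $q->fetchColumn();
    } while ($result > 0);

    return $this->NEW_NAME_FULL;
}
```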
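--- /dev/null
+++ b/PATH_NOT_SHOWN_10
@@ -0,0 +1,24 @@
+<?php
+/*
+* Uguu
+*
+* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+class errorReport
+{
+
+}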
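Review bot: The class body is empty, yet `Upload::generateName` in this same commit calls `$error->throwError('500', 'Gave up trying to find an unused name', true)`, so either that method belongs here or the body needs a comment marking the class as a stub, e.g. `// TODO: placeholder — Upload::generateName expects a throwError(code, message, fatal) method here`. The exact signature is inferred from that one call site and should be confirmed. The lowercase `errorReport` also breaks the StudlyCaps convention the sibling classes `Settings`, `Database` and `Upload` follow.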
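--- a/PATH_NOT_SHOWN_11
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-require_once 'settings.inc.php';
-
-/* NOTE: we don't have to unref the PDO because we're not long-running */
-$db = new PDO(UGUU_DB_CONN, UGUU_DB_USER, UGUU_DB_PASS);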
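--- a/PATH_NOT_SHOWN_12
+++ /dev/null
@@ -1,112 +0,0 @@
-<?php
-
-/**
-* User configurable settings for Uguu.
-*/
-
-/*
-* PDO connection socket
-*
-* Database connection to use for communication. Currently, MySQL is the only
-* DSN prefix supported.
-*
-* @see http://php.net/manual/en/ref.pdo-mysql.connection.php PHP manual for
-* PDO_MYSQL DSN.
-* @param string UGUU_DB_CONN DSN:host|unix_socket=hostname|path;dbname=database
-*/
-define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
-
-/*
-* PDO database login credentials
-*/
-
-/* @param string UGUU_DB_NAME Database username */
-define('UGUU_DB_USER', 'NULL');
-/* @param string UGUU_DB_PASS Database password */
-define('UGUU_DB_PASS', 'NULL');
-
-/**
-* @param boolean Log IP of uploads
-*/
-define('LOG_IP', false);
-
-/**
-* @param boolean anti-dupe
-*/
-define('ANTI_DUPE', false);
-
-/**
-* @param boolean blacklist DB
-* ONLY ENABLE THIS IS YOU ARE USING THE LATEST DB SCHEMA!
-*/
-define('BLACKLIST_DB', false);
-
-/*
-* File system location where to store uploaded files
-*
-* @param string Path to directory with trailing delimiter
-*/
-define('UGUU_FILES_ROOT', '/path/to/file/');
-
-/*
-* Maximum number of iterations while generating a new filename
-*
-* Uguu uses an algorithm to generate random filenames. Sometimes a file may
-* exist under a randomly generated filename, so we count tries and keep trying.
-* If this value is exceeded, we give up trying to generate a new filename.
-*
-* @param int UGUU_FILES_RETRIES Number of attempts to retry
-*/
-define('UGUU_FILES_RETRIES', 15);
-
-/*
-* The length of generated filename (without file extension)
-*
-* @param int UGUU_FILES_LENGTH Number of random alphabetical ASCII characters
-* to use
-*/
-define('UGUU_FILES_LENGTH', 8);
-
-/*
-* URI to prepend to links for uploaded files
-*
-* @param string UGUU_URL URI with trailing delimiter
-*/
-define('UGUU_URL', 'https://url.to.subdomain.where.files.will.be.served.com/');
-
-/*
-* URI for filename generation
-*
-* @param string characters to be used in generateName()
-*/
-define('ID_CHARSET', 'abcdefghijklmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ');
-
-/*
-* Filtered mime types
-*/
-define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml', 'svg']));
-define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary', 'image/svg+xml']));
-
-/**
-* Whitelist or blacklist mode
-* @param boolean blacklist (false) | whitelist (true)
-*/
-define('CONFIG_FILTER_MODE', false);
-
-/**
-* Double dot file extensions.
-*
-* Uguu keeps the last file extension for the uploaded file. In other words, an
-* uploaded file with `.tar.gz` extension will be given a random filename which
-* ends in `.gz` unless configured here to ignore discards for `.tar.gz`.
-*
-* @param string[] $doubledots Array of double dot file extensions strings
-* without the first prefixing dot
-*/
-$doubledots = array_map('strrev', [
-'tar.gz',
-'tar.bz',
-'tar.bz2',
-'tar.xz',
-'user.js',
-]);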