1: <?php
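require_once "../../mainfile.php";
$root =& XCube_Root::getSingleton();

// Ticket authentication. The request must carry a token that is stored by
// the fileManager token handler, was issued to the same client address, and
// has not expired; anything else is refused before any file handling starts.
$auth = false;

if (isset($_POST["ticket"]) && is_string($_POST["ticket"])) {
    $ticket = $_POST["ticket"];

    $handler =& xoops_getmodulehandler('token', 'fileManager');
    $obj = $handler->get($ticket);

    // An unknown ticket yields no object: treat it as unauthenticated rather
    // than calling methods on null.
    if (is_object($obj)) {
        $dbToken = (string) $obj->getShow('token');
        $expire = (int) $obj->getShow('expire');
        $ipAddress = (string) $obj->getShow('ipaddress');
        $now = time();

        // Strict, constant-time token comparison (hash_equals, PHP >= 5.6)
        // instead of the loose "==", and the address must match exactly.
        if (hash_equals($dbToken, $ticket) && getenv("REMOTE_ADDR") === $ipAddress) {
            $auth = true;
        }

        // An expired ticket is removed and never authenticates, whatever the
        // comparison above said.
        if ($expire < $now) {
            $handler->deleteToken($ticket);
            $auth = false;
        }
    }
}

if (!$auth) {
    header("HTTP/1.1 500 Internal Server Error");
    echo "Bat Reqest.";
    exit(0);
}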
51:
52:
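// Target directory: a sub-directory of <XOOPS_ROOT_PATH>/uploads chosen by the
// client. It is accepted only when the resolved directory still lies inside
// the uploads tree; the original "./" regex alone did not canonicalize the
// path, so dot-segments and symlinks are now checked through realpath().
$uploadsRoot = realpath(XOOPS_ROOT_PATH . "/uploads");

if (isset($_POST["path"]) && is_string($_POST["path"]) && $uploadsRoot !== false) {
    $path = $_POST["path"];

    // Syntactic rejects first: "./" (kept from the original), NUL bytes,
    // backslashes, and any "." or ".." segment.
    $segments = explode('/', $path);
    $badPath = preg_match('/\.\//', $path) === 1
        || strpos($path, "\0") !== false
        || strpos($path, '\\') !== false
        || in_array('.', $segments, true)
        || in_array('..', $segments, true);
    if ($badPath) {
        header("HTTP/1.1 500 Internal Server Error");
        echo "Bat Reqest.";
        exit(0);
    }

    // Canonicalize and confirm containment. realpath() is false for a missing
    // directory, which replaces the original file_exists() check.
    $resolved = realpath($uploadsRoot . "/" . $path);
    $inside = $resolved !== false
        && is_dir($resolved)
        && ($resolved === $uploadsRoot
            || strpos($resolved, $uploadsRoot . DIRECTORY_SEPARATOR) === 0);
    if (!$inside) {
        header("HTTP/1.1 500 Internal Server Error");
        echo "Bat Reqest.";
        exit(0);
    }

    // Keep the trailing slash: later code appends the file name directly.
    $save_path = $resolved . "/";
} else {
    header("HTTP/1.1 500 Internal Server Error");
    echo "Bat Reqest.";
    exit(0);
}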
75:
76:
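// Allowed upload extensions come from the module configuration as a
// "|"-separated list. Entries are trimmed, lower-cased and empties dropped
// here, so a blank or sloppy setting cannot match an extension-less name.
$config_handler = &xoops_gethandler('config');
$moduleConfig =& $config_handler->getConfigsByDirname('fileManager');
$configuredExtensions = isset($moduleConfig['extensions']) ? (string) $moduleConfig['extensions'] : '';
$extension_whitelist = array();
foreach (explode('|', $configuredExtensions) as $configuredExtension) {
    $configuredExtension = strtolower(trim($configuredExtension));
    if ($configuredExtension !== '') {
        $extension_whitelist[] = $configuredExtension;
    }
}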
80:
81:
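// Reject requests whose declared body exceeds post_max_size up front, so the
// failure is reported explicitly instead of surfacing later as a missing
// upload (PHP does not populate $_POST/$_FILES for oversized requests).
$POST_MAX_SIZE = ini_get('post_max_size');
$unit = strtoupper(substr($POST_MAX_SIZE, -1));
$unitMultipliers = array('K' => 1024, 'M' => 1048576, 'G' => 1073741824);
$multiplier = isset($unitMultipliers[$unit]) ? $unitMultipliers[$unit] : 1;
// CONTENT_LENGTH is absent for some request types; treat that as 0.
$contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;

// A post_max_size of 0 (or unset) means no limit, so the check is skipped.
if ($POST_MAX_SIZE && $contentLength > $multiplier * (int) $POST_MAX_SIZE) {
    header("HTTP/1.1 500 Internal Server Error");
    echo "POST exceeded maximum allowed size.";
    exit(0);
}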
91:
92:
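// Form field that carries the file.
$upload_name = "Filedata";
// Upper bound in bytes for one file (about 20 GiB); php.ini limits normally
// apply long before this one.
$max_file_size_in_bytes = 21474836470;

// Characters allowed in the stored file name; used inside a negated regex
// character class below, everything else is stripped.
$valid_chars_regex = '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-';

$MAX_FILENAME_LENGTH = 260;
$file_name = "";
$file_extension = "";

// Messages for the $_FILES[...]['error'] codes, keyed by the UPLOAD_ERR_*
// constants. UPLOAD_ERR_CANT_WRITE (7) and UPLOAD_ERR_EXTENSION (8) were
// missing, which left the reported message empty for those failures.
$uploadErrors = array(
    UPLOAD_ERR_OK => "There is no error, the file uploaded with success",
    UPLOAD_ERR_INI_SIZE => "The uploaded file exceeds the upload_max_filesize directive in php.ini",
    UPLOAD_ERR_FORM_SIZE => "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
    UPLOAD_ERR_PARTIAL => "The uploaded file was only partially uploaded",
    UPLOAD_ERR_NO_FILE => "No file was uploaded",
    UPLOAD_ERR_NO_TMP_DIR => "Missing a temporary folder",
    UPLOAD_ERR_CANT_WRITE => "Failed to write file to disk",
    UPLOAD_ERR_EXTENSION => "A PHP extension stopped the file upload",
);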
111:
112:
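// Sanity of the upload slot: present, a single file (not an array of them),
// no PHP-level upload error, a genuine uploaded temp file, and a scalar
// client file name.
$upload = (isset($_FILES[$upload_name]) && is_array($_FILES[$upload_name])) ? $_FILES[$upload_name] : null;
$uploadError = ($upload !== null && isset($upload["error"])) ? $upload["error"] : 0;

if ($upload === null || is_array($uploadError)) {
    // Missing slot, or a multi-file array where one file is expected.
    HandleError("No upload found in \$_FILES for " . $upload_name);
    exit(0);
} elseif ($uploadError != 0) {
    // Codes missing from $uploadErrors still produce a message instead of an
    // undefined-index notice and an empty body.
    $uploadError = (int) $uploadError;
    HandleError(isset($uploadErrors[$uploadError]) ? $uploadErrors[$uploadError] : "Upload failed with error code " . $uploadError);
    exit(0);
} elseif (!isset($upload["tmp_name"]) || !is_string($upload["tmp_name"]) || !is_uploaded_file($upload["tmp_name"])) {
    HandleError("Upload failed is_uploaded_file test.");
    exit(0);
} elseif (!isset($upload['name']) || !is_string($upload['name'])) {
    HandleError("File has no name.");
    exit(0);
}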
126:
127:
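// Size check against the temp file on disk, not the client-declared size.
$file_size = filesize($_FILES[$upload_name]["tmp_name"]);

// filesize() returns false on failure; a zero-byte file is refused too. The
// original reported both with the "maximum size" message and left the
// lower-bound branch unreachable.
if ($file_size === false || $file_size <= 0) {
    HandleError("File size outside allowed lower bound");
    exit(0);
}

if ($file_size > $max_file_size_in_bytes) {
    HandleError("File exceeds the maximum allowed size");
    exit(0);
}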
138:
139:
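// Stored name: the client's basename with every character outside
// $valid_chars_regex removed and trailing dots dropped. The pattern is
// byte-wise (no /u), so non-ASCII bytes are stripped; kept from the original.
$file_name = preg_replace('/[^'.$valid_chars_regex.']|\.+$/i', "", basename($_FILES[$upload_name]['name']));
if ($file_name === null) {
    // preg_replace() returns null on a PCRE error rather than a string.
    HandleError("Invalid file name");
    exit(0);
}

// The part before the last dot must be non-empty, so a name that is only an
// extension (".htaccess"-style) is refused; a name without a dot is kept whole.
// strrpos() avoids strrchr()'s false return when there is no dot.
$lastDot = strrpos($file_name, ".");
$trimName = ($lastDot === false) ? $file_name : substr($file_name, 0, $lastDot);
if ($trimName === '') {
    HandleError("Invalid file name");
    exit(0);
}

if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
    HandleError("Invalid file name");
    exit(0);
}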
153:
154:
// Never overwrite: refuse the upload if anything already exists at the target.
$destination = $save_path . $file_name;
if (file_exists($destination)) {
    HandleError("File with this name already exists");
    exit(0);
}
159:
160:
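// Extension whitelist. The extension is taken from the sanitized $file_name,
// the name that is actually written to disk, rather than from the raw client
// name, so the two cannot disagree; a name without an extension is refused.
// NOTE(review): only the final suffix is checked, as in the original.
$path_info = pathinfo($file_name);
$file_extension = isset($path_info["extension"]) ? $path_info["extension"] : "";
$is_valid_extension = false;
if ($file_extension !== "") {
    foreach ($extension_whitelist as $extension) {
        // Case-insensitive; trim() tolerates whitespace in the config list.
        if (strcasecmp($file_extension, trim($extension)) == 0) {
            $is_valid_extension = true;
            break;
        }
    }
}
if (!$is_valid_extension) {
    HandleError("Invalid file extension");
    exit(0);
}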
174:
// Move the temp file into the validated directory under the sanitized name.
$moved = @move_uploaded_file($_FILES[$upload_name]["tmp_name"], $save_path . $file_name);
if (!$moved) {
    HandleError("File could not be saved.");
    exit(0);
}

echo "File Received";
exit(0);
183:
/**
 * Reports a failed upload: sends an HTTP 500 status and writes $message as the
 * response body. It does not terminate the script; every caller exits afterwards.
 *
 * @param string $message plain-text reason shown to the client
 */
function HandleError($message)
{
    header("HTTP/1.1 500 Internal Server Error");
    print $message;
}
192: ?>