1
0
mirror of https://github.com/nokonoko/Uguu.git synced 2024-01-06 13:35:15 +00:00
This commit is contained in:
Go Johansson 2022-01-22 02:40:20 +01:00
parent 99a7284a22
commit 0f8d4e9ce3
7 changed files with 14 additions and 601 deletions

View File

@ -18,13 +18,20 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Settings.class.php';
require_once 'includes/Upload.class.php';
class Database extends Settings
{
public $db;
public function __construct()
{
$this->db = new PDO($this->DB_CONN, $this->DB_USER, $this->DB_PASS);
use Core\Response as Response;
if (isset($_FILES['files'])) {
$uploads = (new Upload())->reFiles($_FILES['files']);
foreach ($uploads as $upload) {
$res[] = (new Upload())->uploadFile($upload);
}
if (isset($res)) {
(new Response())->returnSuccess($res);
} else {
(new Response())->returnError(400, 'No input file(s)', 'N/A');
}
}

View File

@ -1,83 +0,0 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace Core {
/**
* @property mixed $DB_CONN
*/
class Settings
{
public $DB_MODE;
public $DB_PATH;
public $DB_USER;
public $DB_PASS;
public $LOG_IP;
public $ANTI_DUPE;
public $BLACKLIST_DB;
public $FILTER_MODE;
public $FILES_ROOT;
public $FILES_RETRIES;
public $SSL;
public $URL;
public $NAME_LENGTH;
public $ID_CHARSET;
public $BLOCKED_EXTENSIONS;
public $BLOCKED_MIME;
public $DOUBLE_DOTS;
public function __constructSettings()
{
$settings_array = json_decode(file_get_contents('/Users/go.johansson/PERSONAL_REPOS/Uguu/dist.json'), true);
$this->DB_MODE = $settings_array['DB_MODE'];
$this->DB_PATH = $settings_array['DB_PATH'];
$this->DB_USER = $settings_array['DB_USER'];
$this->DB_PASS = $settings_array['DB_PASS'];
$this->LOG_IP = $settings_array['LOG_IP'];
$this->ANTI_DUPE = $settings_array['ANTI_DUPE'];
$this->BLACKLIST_DB = $settings_array['BLACKLIST_DB'];
$this->FILTER_MODE = $settings_array['FILTER_MODE'];
$this->FILES_ROOT = $settings_array['FILES_ROOT'];
$this->FILES_RETRIES = $settings_array['FILES_RETRIES'];
$this->SSL = $settings_array['SSL'];
$this->URL = $settings_array['URL'];
$this->NAME_LENGTH = $settings_array['NAME_LENGTH'];
$this->ID_CHARSET = $settings_array['ID_CHARSET'];
$this->BLOCKED_EXTENSIONS = $settings_array['BLOCKED_EXTENSIONS'];
$this->BLOCKED_MIME = $settings_array['BLOCKED_MIME'];
$this->DOUBLE_DOTS = $settings_array['DOUBLE_DOTS'];
}
}
class Database extends Settings
{
public $DB;
public function __constructDB()
{
$this->DB = new PDO($this->DB_MODE.':'.$this->DB_PATH, $this->DB_USER, $this->DB_PASS);
}
}
}

View File

@ -1,259 +0,0 @@
<?php
/**
* The Response class is a do-it-all for getting responses out in different
* formats.
*
* @todo Create sub-classes to split and extend this god object.
*/
class Response
{
/**
* Indicates response type used for routing.
*
* Valid strings are 'csv', 'html', 'json' and 'text'.
*
* @var string Response type
*/
private $type;
/**
* Indicates requested response type.
*
* Valid strings are 'csv', 'html', 'json', 'gyazo' and 'text'.
*
* @param string|null $response_type Response type
*/
public function __construct($response_type = null)
{
switch ($response_type) {
case 'csv':
header('Content-Type: text/csv; charset=UTF-8');
$this->type = $response_type;
break;
case 'html':
header('Content-Type: text/html; charset=UTF-8');
$this->type = $response_type;
break;
case 'json':
header('Content-Type: application/json; charset=UTF-8');
$this->type = $response_type;
break;
case 'gyazo':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = 'text';
break;
case 'text':
header('Content-Type: text/plain; charset=UTF-8');
$this->type = $response_type;
break;
default:
header('Content-Type: application/json; charset=UTF-8');
$this->type = 'json';
$this->error(400, 'Invalid response type. Valid options are: csv, html, json, text.');
break;
}
}
/**
* Routes error messages depending on response type.
*
* @param int $code HTTP status code number
* @param int $desc descriptive error message
*
* @return void
*/
public function error($code, $desc)
{
$response = null;
switch ($this->type) {
case 'csv':
$response = $this->csvError($desc);
break;
case 'html':
$response = $this->htmlError($code, $desc);
break;
case 'json':
$response = $this->jsonError($code, $desc);
break;
case 'text':
$response = $this->textError($code, $desc);
break;
}
//http_response_code(500); // "500 Internal Server Error"
echo $response;
}
/**
* Routes success messages depending on response type.
*
* @param mixed[] $files
*
* @return void
*/
public function send($files)
{
$response = null;
switch ($this->type) {
case 'csv':
$response = $this->csvSuccess($files);
break;
case 'html':
$response = $this->htmlSuccess($files);
break;
case 'json':
$response = $this->jsonSuccess($files);
break;
case 'text':
$response = $this->textSuccess($files);
break;
}
http_response_code(200); // "200 OK". Success.
echo $response;
}
/**
* Indicates with CSV body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $description descriptive error message
*
* @return string error message in CSV format
*/
private static function csvError($description)
{
return '"error"'."\r\n"."\"$description\""."\r\n";
}
/**
* Indicates with CSV body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in CSV format
*/
private static function csvSuccess($files)
{
$result = '"name","url","hash","size"'."\r\n";
foreach ($files as $file) {
$result .= '"'.$file['name'].'"'.','.
'"'.$file['url'].'"'.','.
'"'.$file['hash'].'"'.','.
'"'.$file['size'].'"'."\r\n";
}
return $result;
}
/**
* Indicates with HTML body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $code HTTP status code number
* @param int $description descriptive error message
*
* @return string error message in HTML format
*/
private static function htmlError($code, $description)
{
return '<p>ERROR: ('.$code.') '.$description.'</p>';
}
/**
* Indicates with HTML body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in HTML format
*/
private static function htmlSuccess($files)
{
$result = '';
foreach ($files as $file) {
$result .= '<a href="'.$file['url'].'">'.$file['url'].'</a><br>';
}
return $result;
}
/**
* Indicates with JSON body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $code HTTP status code number
* @param int $description descriptive error message
*
* @return string error message in pretty-printed JSON format
*/
private static function jsonError($code, $description)
{
return json_encode([
'success' => false,
'errorcode' => $code,
'description' => $description,
], JSON_PRETTY_PRINT);
}
/**
* Indicates with JSON body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in pretty-printed JSON format
*/
private static function jsonSuccess($files)
{
return json_encode([
'success' => true,
'files' => $files,
], JSON_PRETTY_PRINT);
}
/**
* Indicates with plain text body the request was invalid.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param int $code HTTP status code number
* @param int $description descriptive error message
*
* @return string error message in plain text format
*/
private static function textError($code, $description)
{
return 'ERROR: ('.$code.') '.$description;
}
/**
* Indicates with plain text body the request was successful.
*
* @deprecated 2.1.0 Will be renamed to camelCase format.
*
* @param mixed[] $files
*
* @return string success message in plain text format
*/
private static function textSuccess($files)
{
$result = '';
foreach ($files as $file) {
$result .= $file['url']."\n";
}
return $result;
}
}

View File

@ -1,133 +0,0 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
require_once 'Database.class.php';
class Upload extends Database, errorReport
{
public $FILE_NAME;
public $FILE_EXTENSION;
public $FILE_MIME;
public $NEW_NAME;
public $NEW_NAME_FULL;
public function fileInfo ($file)
{
if (isset($_FILES['files'])) {
$this->FILE_NAME = '';
$this->FILE_NAME = $file->name;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$this->FILE_MIME = finfo_file($finfo, $file->tempfile);
finfo_close($finfo);
// Check if extension is a double-dot extension and, if true, override $ext
foreach ($this->DOUBLE_DOTS as $ddot) {
if (stripos(strrev($this->FILE_NAME), $ddot) === 0) {
$this->FILE_EXTENSION = strrev($ddot);
} else {
$this->FILE_EXTENSION = pathinfo($file->name, PATHINFO_EXTENSION);
}
}
}
}
public function checkFileBlacklist ($hash){
$q = $this->db->prepare('SELECT hash, COUNT(*) AS count FROM blacklist WHERE hash = (:hash)');
$q->bindValue(':hash', $hash, PDO::PARAM_STR);
$q->execute();
$result = $q->fetch();
if ($result['count'] > 0) {
http_response_code(415);
throw new Exception(
'File blacklisted!',
415
);
exit(0);
}
}
public function checkExtensionBlacklist($ext){
//Check if EXT is blacklisted
if (in_array($ext, unserialize(CONFIG_BLOCKED_EXTENSIONS))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
}
public function checkMimeBlacklist($mime){
//check if MIME is blacklisted
if (in_array($mime, unserialize($this->BLOCKED_MIME))) {
http_response_code(415);
throw new Exception(
'File type not allowed!',
415
);
exit(0);
}
}
public function generateName($file)
{
$this->fileInfo($file);
$error = new
do {
// Iterate until we reach the maximum number of retries
if ($this->FILES_RETRIES-- === 0) {
$error->throwError('500', 'Gave up trying to find an unused name', true);
}
for ($i = 0; $i < $this->NAME_LENGTH; ++$i) {
$this->NEW_NAME .= $this->ID_CHARSET[mt_rand(0, strlen($this->ID_CHARSET))];
}
// Add the extension to the file name
if (isset($this->FILE_EXTENSION) && $this->FILE_EXTENSION !== '') {
$this->NEW_NAME_FULL = $this->NEW_NAME.'.'.$this->FILE_EXTENSION;
}
// Check if the file hash is blacklisted
if($this->BLACKLIST_DB){
$this->checkFileBlacklist($file->getSha1());
}
// Check if extension or mime is blacklisted
if($this->FILTER_MODE) {
$this->checkMimeBlacklist($this->FILE_MIME);
$this->checkExtensionBlacklist($this->FILE_EXTENSION);
}
// Check if a file with the same name does already exist in the database
$q = $db->prepare('SELECT COUNT(filename) FROM files WHERE filename = (:name)');
$q->bindValue(':name', $name, PDO::PARAM_STR);
$q->execute();
$result = $q->fetchColumn();
// If it does, generate a new name
} while ($result > 0);
return $name;
}
}

View File

@ -1,63 +0,0 @@
<?php
/**
* Returns a human readable error description for file upload errors.
*
* @author Dan Brown <danbrown@php.net>
* @author Michiel Thalen
* @copyright Copyright © 1997 - 2016 by the PHP Documentation Group
* @license
* UploadException is licensed under a Creative Commons Attribution 3.0 License
* or later.
*
* Based on a work at
* https://secure.php.net/manual/en/features.file-upload.errors.php#89374.
*
* You should have received a copy of the Creative Commons Attribution 3.0
* License with this program. If not, see
* <https://creativecommons.org/licenses/by/3.0/>.
*/
class UploadException extends Exception
{
public function __construct($code)
{
$message = $this->codeToMessage($code);
parent::__construct($message, 500);
}
private function codeToMessage($code)
{
switch ($code) {
case UPLOAD_ERR_INI_SIZE:
$message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
break;
case UPLOAD_ERR_FORM_SIZE:
$message = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was '.
'specified in the HTML form';
break;
case UPLOAD_ERR_PARTIAL:
$message = 'The uploaded file was only partially uploaded';
break;
case UPLOAD_ERR_NO_FILE:
$message = 'No file was uploaded';
break;
case UPLOAD_ERR_NO_TMP_DIR:
$message = 'Missing a temporary folder';
break;
case UPLOAD_ERR_CANT_WRITE:
$message = 'Failed to write file to disk';
break;
case UPLOAD_ERR_EXTENSION:
$message = 'File upload stopped by extension';
break;
default:
$message = 'Unknown upload error';
break;
}
return $message;
}
}

View File

@ -1,32 +0,0 @@
<?php
class UploadedFile
{
/* Public attributes */
public $name;
public $mime;
public $size;
public $tempfile;
public $error;
/**
* SHA-1 checksum
*
* @var string 40 digit hexadecimal hash (160 bits)
*/
private $sha1;
/**
* Generates the SHA-1 or returns the cached SHA-1 hash for the file.
*
* @return string|false $sha1
*/
public function getSha1()
{
if (!$this->sha1) {
$this->sha1 = sha1_file($this->tempfile);
}
return $this->sha1;
}
}

View File

@ -1,24 +0,0 @@
<?php
/*
* Uguu
*
* @copyright Copyright (c) 2022 Go Johansson (nekunekus) <neku@pomf.se> <github.com/nokonoko>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
class errorReport
{
}