From 9e9d77b4072de4f8c73e8bbade07a8f27734e4bd Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Sat, 6 Feb 2010 23:14:56 +0100
Subject: Initial commit
Signed-off-by: Florian Pritz
---
system/application/controllers/file.php | 231 ++++++++++++++++++++++++++++++
system/application/controllers/index.html | 10 ++
2 files changed, 241 insertions(+)
create mode 100644 system/application/controllers/file.php
create mode 100644 system/application/controllers/index.html
(limited to 'system/application/controllers')
diff --git a/system/application/controllers/file.php b/system/application/controllers/file.php
new file mode 100644
index 000000000..d22cb9dfe
--- /dev/null
+++ b/system/application/controllers/file.php
@@ -0,0 +1,231 @@
+
+ *
+ * Licensed under GPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class File extends Controller {
+ // TODO: Add comments
+
+ function __construct()
+ {
+ parent::Controller();
+ $this->load->helper('form');
+ $this->load->model('file_mod');
+ }
+
+ function index()
+ {
+ $this->upload_form();
+ }
+
+ function upload_form()
+ {
+ $data = array();
+ $data['title'] = 'Upload';
+
+ $this->load->view('file/header', $data);
+ $this->load->view('file/upload_form', $data);
+ $this->load->view('file/footer', $data);
+ }
+
+ function delete()
+ {
+ $id = $this->uri->segment(3);
+ $password = $this->input->post('password');
+ if ($password !== false && $this->file_mod->id_exists($id)) {
+ $this->file_mod->delete_id($id, $password);
+ echo $id." deleted\n";
+ } else {
+ echo 'Couldn\'t delete '.$id."\n";
+ }
+ die();
+ }
+
+ function do_upload()
+ {
+ $data = array();
+ if(isset($_FILES['userfile'])) {
+ if ($_FILES['userfile']['error'] === 0) {
+ $filesize = filesize($_FILES['userfile']['tmp_name']);
+ if ($filesize >= $this->config->item('upload_max_size')) {
+ $this->load->view('file/header', $data);
+ $this->load->view('file/too_big');
+ } else {
+ $password = $this->input->post('password');
+ $extension = $this->input->post('extension');
+ if ($password !== false) {
+ $password = $this->file_mod->hash_password($password);
+ } else {
+ $password = 'NULL';
+ }
+
+ $id = $this->file_mod->new_id();
+ $file_hash = md5_file($_FILES['userfile']['tmp_name']);
+ $file_name = $_FILES['userfile']['name'];
+ $folder = $this->file_mod->folder($file_hash);
+ file_exists($folder) || mkdir ($folder);
+ $file = $folder.'/'.$file_hash;
+
+ $sql = '
+ INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`)
+ VALUES (?, ?, ?, ?, ?)';
+ $query = $this->db->query($sql, array($file_hash, $id, $file_name, $password, time()));
+
+ move_uploaded_file($_FILES['userfile']['tmp_name'], $file);
+ chmod($file, 0600);
+
+
redirect($this->config->item('paste_show_url').$id.'/'.$extension);
+ }
+ } else {
+ $this->index();
+ }
+ } else {
+ $this->load->view('file/header', $data);
+ $this->load->view('file/upload_error', $data);
+ $this->load->view('file/footer', $data);
+ }
+ }
+
+ function show_url()
+ {
+ $data = array();
+ $id = $this->uri->segment(3);
+ $mode = $this->uri->segment(4);
+
+ if ($mode) {
+ $data['url'] = site_url($this->config->item('paste_download_url').$id.'/'.$mode);
+ } else {
+ $data['url'] = site_url($this->config->item('paste_download_url').$id).'/';
+ }
+
+ if (strstr($_SERVER['HTTP_USER_AGENT'], 'libcurl')) {
+ echo $data['url'];
+ } else {
+ $this->load->view('file/header', $data);
+ $this->load->view('file/show_url', $data);
+ $this->load->view('file/footer', $data);
+ }
+ }
+
+ function download()
+ {
+ $data = array();
+ $id = $this->uri->segment(3);
+ $mode = $this->uri->segment(4);
+
+ $filedata = $this->file_mod->get_filedata($id);
+
+ $folder = $this->file_mod->folder($filedata['hash']);
+ $file = $folder.'/'.$filedata['hash'];
+
+ if ($this->file_mod->id_exists($id) && file_exists($file)) {
+ // MODIFIED SINCE SUPPORT -- START
+ // helps to keep traffic low when reloading an image
+ // TODO: check for bugs, find source of code again
+ $filedate = filectime($file);
+ $etag = strtolower(md5_file($file));
+ $modified = true;
+
+ if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
+ $oldtag = trim(strtolower($_SERVER['HTTP_IF_NONE_MATCH']), '"');
+ if($oldtag == $etag) {
+ $modified = false;
+ } else {
+ $modified = true;
+ }
+ }
+
+ if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
+ $olddate = date_parse(trim(strtolower($_SERVER['HTTP_IF_MODIFIED_SINCE'])));
+ $olddate = gmmktime($olddate['hour'],
+ $olddate['minute'],
+ $olddate['second'],
+ $olddate['month'],
+ $olddate['day'],
+ $olddate['year']);
+ if($olddate >= $filedate) {
+ $modified = false;
+ } else {
+ $modified = true;
+ }
+ }
+ // MODIFIED SINCE SUPPORT -- END
+
+ $type =
exec('/usr/bin/perlbin/vendor/mimetype -b '.escapeshellarg($file));
+
+ if (!$mode && substr_count(ltrim($this->uri->uri_string(), "/"), '/') >= 3) {
+ $mode = $this->file_mod->mime2extension($type);
+ }
+
+ if (!$modified) {
+ header("HTTP/1.1 304 Not Modified");
+ header('Etag: "'.$etag.'"');
+ } else {
+ if ($mode
+ && $this->file_mod->mime2extension($type)
+ && filesize($file) <= $this->config->item('upload_max_text_size')
+ ) {
+ header("Content-Type: text/html\n");
+ // TODO: move to own file
+ echo ''
+ .''.$filedata['filename'].''
+ .' '
+ .' '
+ .''
+ .'
'
+ .' Raw'
+ .' '
+ .'
';
+          // TODO: implement in PHP
+          echo shell_exec('/usr/bin/seq 1 $(/usr/bin/wc -l '.escapeshellarg($file).' | /bin/cut -d\  -f1) | sed -r \'s/^(.*)$/\1<\/a>/g\'');
+          echo '  
'."\n";
+          echo shell_exec(FCPATH.'scripts/syntax-highlighting.sh '.$filedata['filename'].'.'.$mode.' < '.escapeshellarg($file));
+          echo '
';
+ } else {
+ header("Content-Type: ".$type."\n");
+ header("Content-disposition: inline; filename=\"".$filedata['filename']."\"\n");
+ header("Content-Length: ".filesize($file)."\n");
+ header("Last-Modified: ".date('D, d M Y H:i:s', $filedate)." GMT");
+ header('Etag: "'.$etag.'"');
+ $fp = fopen($file,"r");
+ while (!feof($fp)) {
+ $buff = fread($fp,4096);
+ echo $buff;
+ }
+ fclose($fp);
+ }
+ }
+ exit();
+ } else {
+ $this->load->view('file/header', $data);
+ $this->load->view('file/non_existant');
+ $this->load->view('file/footer', $data);
+ }
+ }
+
+ function cron()
+ {
+ $oldest_time = (time()-$this->config->item('upload_max_age'));
+ $query = $this->db->query('SELECT hash, id FROM files WHERE date < ?',
+ array($oldest_time));
+
+ foreach($query->result_array() as $row) {
+ $file = $this->config->item('upload_path').'/'.substr($row['hash'], 0, 3).'/'.$row['hash'];
+ if(filemtime($file) < $oldest_time) {
+ unlink($file);
+ $this->db->query('DELETE FROM files WHERE hash = ?', array($row['hash']));
+ } else {
+ $this->db->query('DELETE FROM files WHERE id = ?', array($row['id']));
+ }
+ }
+ }
+}
+
+/* End of file file.php */
+/* Location: ./system/application/controllers/file.php */
diff --git a/system/application/controllers/index.html b/system/application/controllers/index.html
new file mode 100644
index 000000000..c942a79ce
--- /dev/null
+++ b/system/application/controllers/index.html
@@ -0,0 +1,10 @@
+
+
+ 403 Forbidden
+
+
+
+
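Review bot: In download(), the `shell_exec` call to `scripts/syntax-highlighting.sh` puts `$filedata['filename']` and `$mode` on the command line unquoted, while only `$file` goes through `escapeshellarg()`. The filename is stored verbatim from `$_FILES['userfile']['name']` in do_upload() and `$mode` is URI segment 4, so both are client-supplied; unless the framework's URI filtering or the model restricts them (not visible here), shell metacharacters in either would be interpreted by the shell. Quote the combined argument: `echo shell_exec(FCPATH.'scripts/syntax-highlighting.sh '.escapeshellarg($filedata['filename'].'.'.$mode).' < '.escapeshellarg($file));`. The same stored filename is also echoed into the HTML page and into the `Content-disposition` header without escaping; it should pass through `htmlspecialchars()` for the page, and have quotes and CR/LF removed for the header.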

Directory access is forbidden.

+
+
+
\ No newline at end of file
-- cgit v1.2.3-24-g4f1b