author | adam <adam@> | 2021-02-14 15:14:06 +0200 |
---|---|---|
committer | adam <adam@> | 2021-02-14 15:14:06 +0200 |
commit | 69239c2a520438b158c23259d8e37f32b4890331 (patch) | |
tree | b039adcb92a86b730ab2e995f88ca0a70e65145e /php | |
parent | 9f480bbf41205ce77d3d5075f51d91683ebcbacc (diff) | |
fixed sanity checks
Diffstat (limited to 'php')
-rw-r--r-- | php/configuration.php | 48 | ||||
-rw-r--r-- | php/configuration.php.of | 28 | ||||
-rw-r--r-- | php/move.php | 5 |
3 files changed, 57 insertions, 24 deletions
diff --git a/php/configuration.php b/php/configuration.php
index 1f2f423..236db70 100644
--- a/php/configuration.php
+++ b/php/configuration.php
@@ -1,28 +1,30 @@
 <?php
-
-$use_https = false;
-
-// The server needs to know its domain name so it can generate download links
-$domain_name="localhost";
-
-// MySQL database name/user/password location
-// VOLATILE - database_name is hard coded in INIT_DATABASE.sql, if you change it here you MUST change that as well
-$database_name="fileup";
-$database_username="root";
-$database_password="";
-$database_location="127.0.0.1";
-
-// This directory MUST exist and PHP's configuration must be able to read/write/delete files inside it
-$storage_root = "C:\\fileup_storage";
-
-
-// Are we using the /trash directory?
+/*should be placed outside of document root*/
+
+$use_https=true;
+
+if (file_exists("/home/alex")) {
+ $domain_name="localhost";
+ $database_name="alex";
+ $database_username="alex";
+ $database_password="lol";
+ $database_location="127.0.0.1";
+
+ $storage_root = "/home/alex/fileup_storage";
+}
+else {
+ $domain_name="testing";
+ $database_name="fileup_testing";
+ $database_username="outsider";
+ $database_password="parola123";
+ $database_location="localhost";
+ /*storage root must be in the webroot*/
+ $storage_root = "/srv/apache/testing/project/files/";
+}
+
+/*if we save deleted files just in case of an error*/
 $has_trash=true;
-
 $password_hash_algo=PASSWORD_BCRYPT;
 
 $has_email_verification=false;
-
-@include_once("$_SERVER[HOME]/.fileup.config.php");
-
-?>
\ No newline at end of file
+?>
diff --git a/php/configuration.php.of b/php/configuration.php.of
new file mode 100644
index 0000000..1f2f423
--- /dev/null
+++ b/php/configuration.php.of
@@ -0,0 +1,28 @@
+<?php
+
+$use_https = false;
+
+// The server needs to know its domain name so it can generate download links
+$domain_name="localhost";
+
+// MySQL database name/user/password location
+// VOLATILE - database_name is hard coded in INIT_DATABASE.sql, if you change it here you MUST change that as well
+$database_name="fileup";
+$database_username="root";
+$database_password="";
+$database_location="127.0.0.1";
+
+// This directory MUST exist and PHP's configuration must be able to read/write/delete files inside it
+$storage_root = "C:\\fileup_storage";
+
+
+// Are we using the /trash directory?
+$has_trash=true;
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+$has_email_verification=false;
+
+@include_once("$_SERVER[HOME]/.fileup.config.php");
+
+?>
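Review bot: The new `if`/`else` block in `php/configuration.php` commits what look like working database credentials (`$database_password="lol"`, `$database_password="parola123"`) into a tracked file, and the same hunk removes the `@include_once("$_SERVER[HOME]/.fileup.config.php")` override that let a deployment keep them outside the repository. I would keep placeholder defaults here and restore a per-host override, e.g. `include_once "/etc/fileup/config.php";` (placeholder path), instead of choosing an environment with `file_exists("/home/alex")`. The added comment `/*storage root must be in the webroot*/` needs a caveat next to it: uploads stored under the web root can be fetched directly, bypassing the application's own access checks, so that directory should have script handling disabled and direct access denied, or be moved outside the document root. The `php/configuration.php.of` copy added alongside has no `.php` extension, so if `php/` is web-reachable it would presumably be served as plain text; it is better kept out of the served tree.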
\ No newline at end of file
diff --git a/php/move.php b/php/move.php
index d1bbbfc..a663c5a 100644
--- a/php/move.php
+++ b/php/move.php
@@ -13,7 +13,9 @@ if (!isset($_POST['old_folder']) || !isset($_POST['new_folder']) || !isset($_POS
 exit(1);
 }
 
+/*filename as we want it to be in the directory*/
 $new_filename = $_POST["filename"];
+/*filename as it is in the directory*/
 $old_filename = $_POST["filename"];
 
 if (isset($_POST['new_filename']))
@@ -28,7 +30,8 @@ $old_dir = get_directory($old_folder, $user);
 $new_dir = get_directory($new_folder, $user);
 $trash_dir = get_directory("/trash",$user);
 $share_dir = get_directory("/share",$user);
-if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) {
+
+if (!$old_dir || !$new_dir || ($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))) {
 error_log("invalid src/dst dir");
 http_response_code(409);
 exit(0); |
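Review bot: The relaxed guard in the second `php/move.php` hunk protects the `share` and `trash` entries only through a loose `==` comparison against the raw `$_POST["filename"]` value, so a name that the later lookup resolves to the same entry without being byte-identical (for example with a trailing slash) would presumably pass it. I would reject any name for which `basename($old_filename) !== $old_filename` and then test `in_array($old_filename, ["share", "trash"], true)`, with `===` for the `$user->home_directory` comparison as well. `$trash_dir` and `$share_dir` are still fetched but no longer used in this condition, and nothing visible applies a comparable check to `$new_filename`, which the first hunk shows can be replaced from `$_POST['new_filename']`. The code that performs the move lies outside both hunks, so whether names are validated further down cannot be confirmed from here.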