authoradam <adam@>2021-02-14 15:14:06 +0200
committeradam <adam@>2021-02-14 15:14:06 +0200
commit69239c2a520438b158c23259d8e37f32b4890331 (patch)
treeb039adcb92a86b730ab2e995f88ca0a70e65145e /php
parent9f480bbf41205ce77d3d5075f51d91683ebcbacc (diff)
downloadfileup-69239c2a520438b158c23259d8e37f32b4890331.tar.gz
fixed sanity checks
Diffstat (limited to 'php')
-rw-r--r--php/configuration.php48
-rw-r--r--php/configuration.php.of28
-rw-r--r--php/move.php5
3 files changed, 57 insertions, 24 deletions
diff --git a/php/configuration.php b/php/configuration.php
index 1f2f423..236db70 100644
--- a/php/configuration.php
+++ b/php/configuration.php
@@ -1,28 +1,30 @@
<?php
-
-$use_https = false;
-
-// The server needs to know its domain name so it can generate download links
-$domain_name="localhost";
-
-// MySQL database name/user/password location
-// VOLATILE - database_name is hard coded in INIT_DATABASE.sql, if you change it here you MUST change that as well
-$database_name="fileup";
-$database_username="root";
-$database_password="";
-$database_location="127.0.0.1";
-
-// This directory MUST exist and PHP's configuration must be able to read/write/delete files inside it
-$storage_root = "C:\\fileup_storage";
-
-
-// Are we using the /trash directory?
+/*should be placed outside of document root*/
+
+$use_https=true;
+
+if (file_exists("/home/alex")) {
+ $domain_name="localhost";
+ $database_name="alex";
+ $database_username="alex";
+ $database_password="lol";
+ $database_location="127.0.0.1";
+
+ $storage_root = "/home/alex/fileup_storage";
+}
+else {
+ $domain_name="testing";
+ $database_name="fileup_testing";
+ $database_username="outsider";
+ $database_password="parola123";
+ $database_location="localhost";
+ /*storage root must be in the webroot*/
+ $storage_root = "/srv/apache/testing/project/files/";
+}
+
+/*if we save deleted files just in case of an error*/
$has_trash=true;
-
$password_hash_algo=PASSWORD_BCRYPT;
$has_email_verification=false;
-
-@include_once("$_SERVER[HOME]/.fileup.config.php");
-
-?> \ No newline at end of file
+?>
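Review bot: Both branches of the new `if (file_exists("/home/alex"))` block put literal database passwords into a tracked file, and the commit removes the `include_once("$_SERVER[HOME]/.fileup.config.php")` override that let a host keep its credentials outside the repository. I would keep `configuration.php` free of real secrets and load them from an untracked file outside the document root, for example `require_once "/path/outside/webroot/fileup.config.php";` (placeholder path); the two passwords committed here remain in history and should be changed on the hosts that use them. The `/*storage root must be in the webroot*/` comment also deserves a second look: if files under `$storage_root` are reachable by URL they can be fetched without passing through the application's access checks, so that directory would need the web server configured to deny direct access and script execution. Selecting the environment by probing for `/home/alex` is fragile, and an explicit setting would make it clear which credentials a host ends up with.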
diff --git a/php/configuration.php.of b/php/configuration.php.of
new file mode 100644
index 0000000..1f2f423
--- /dev/null
+++ b/php/configuration.php.of
@@ -0,0 +1,28 @@
+<?php
+
+$use_https = false;
+
+// The server needs to know its domain name so it can generate download links
+$domain_name="localhost";
+
+// MySQL database name/user/password location
+// VOLATILE - database_name is hard coded in INIT_DATABASE.sql, if you change it here you MUST change that as well
+$database_name="fileup";
+$database_username="root";
+$database_password="";
+$database_location="127.0.0.1";
+
+// This directory MUST exist and PHP's configuration must be able to read/write/delete files inside it
+$storage_root = "C:\\fileup_storage";
+
+
+// Are we using the /trash directory?
+$has_trash=true;
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+$has_email_verification=false;
+
+@include_once("$_SERVER[HOME]/.fileup.config.php");
+
+?> \ No newline at end of file
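Review bot: `configuration.php.of` does not end in `.php`, so a typical web server will not hand it to the PHP handler and, if the `php/` directory is reachable by URL, would return it as plain text, including the database user, host and storage path. The blob id `1f2f423` matches the pre-change `configuration.php`, so the old version is already preserved in history and this copy is not needed as a backup. If a sample configuration is wanted, I would keep it outside the document root or deny access to it in the server configuration, and say in a header comment that it is a template holding no real credentials.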
diff --git a/php/move.php b/php/move.php
index d1bbbfc..a663c5a 100644
--- a/php/move.php
+++ b/php/move.php
@@ -13,7 +13,9 @@ if (!isset($_POST['old_folder']) || !isset($_POST['new_folder']) || !isset($_POS
exit(1);
}
+/*filename as we want it to be in the directory*/
$new_filename = $_POST["filename"];
+/*filename as it is in the directory*/
$old_filename = $_POST["filename"];
if (isset($_POST['new_filename']))
@@ -28,7 +30,8 @@ $old_dir = get_directory($old_folder, $user);
$new_dir = get_directory($new_folder, $user);
$trash_dir = get_directory("/trash",$user);
$share_dir = get_directory("/share",$user);
-if (!$old_dir || !$new_dir || $old_dir==$user->home_directory || $old_dir==$trash_dir || $old_dir==$share_dir) {
+
+if (!$old_dir || !$new_dir || ($old_dir==$user->home_directory && ($old_filename=="share" || $old_filename=="trash"))) {
error_log("invalid src/dst dir");
http_response_code(409);
exit(0);
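Review bot: The rewritten condition guards only the source side and no longer rejects `$old_dir==$trash_dir` or `$old_dir==$share_dir`; nothing visible in this hunk stops `$new_dir` together with `$new_filename` from naming `share` or `trash` in the home directory, so a move or rename could presumably collide with those reserved folders unless a later check outside the hunk covers it. I would apply the same test to both ends with a strict name comparison, e.g. `$reserved = ["share", "trash"];` and `($old_dir==$user->home_directory && in_array($old_filename, $reserved, true)) || ($new_dir==$user->home_directory && in_array($new_filename, $reserved, true))`. The names come straight from `$_POST`, so if folder names are normalised or matched case-insensitively elsewhere, the comparison should run on the normalised form. A one-line comment stating the intended policy (which moves out of trash and share are now allowed) would help, since `$trash_dir` and `$share_dir` are no longer used in this condition.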