aboutsummaryrefslogtreecommitdiffstats
path: root/php
diff options
context:
space:
mode:
authoradam <adam@>2021-02-13 13:26:41 +0200
committeradam <adam@>2021-02-13 13:26:41 +0200
commit8b1393b3f06fdd86abc3dca396670965c42ba8c2 (patch)
tree95a167bcacb1eb9e9d6ac48bda3c7e8ef77c8ff9 /php
parent8f8d22109484308255d16f318cb488b3c8519885 (diff)
parent3ab8276b269b3d646d232cf093d13bb280e28bf7 (diff)
downloadfileup-8b1393b3f06fdd86abc3dca396670965c42ba8c2.tar.gz
Merge https://github.com/alexvitkov/india
Diffstat (limited to 'php')
-rw-r--r--php/readfile.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/php/readfile.php b/php/readfile.php
index d978ffc..6e759d3 100644
--- a/php/readfile.php
+++ b/php/readfile.php
@@ -6,7 +6,7 @@ require_once "node.php";
require_once "misc.php";
session_start();
-if (!isset($_POST["filename"]) || !isset($_FILES["folder"])) {
+if (!isset($_POST["filename"]) || !isset($_POST["folder"])) {
error_log("/php/readfile.php - invalid request");
http_response_code(400);
exit(1);
@@ -19,7 +19,7 @@ $filename = $_POST["filename"];
$dir = get_directory($folder, $user);
if (!$dir) {
- error_log("i/php/readfile.php - invalid directory");
+ error_log("/php/readfile.php - invalid directory");
http_response_code(409);
exit(0);
}
@@ -30,7 +30,15 @@ $file_node = null;
foreach ($contents_of_dir as $c) {
if ($c['name'] == $filename) {
$file_node = $c;
+ break;
}
}
+if (!$file_node) {
+ error_log("/php/readfile.php - invalid filename");
+ http_response_code(409);
+ exit(0);
+}
+
+header("Content-type: $file_node[mimetype]");
-var_error_log($file_node);
+readfile("$storage_root/$file_node[code]");