1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
<?php
require(__DIR__ . '/.config.php');
header('Content-Type: text/plain');
if (isset($_GET['df'])) {
system("df -h --output=avail / | tail -1");
exit;
}
if ($_SERVER['REQUEST_METHOD'] != 'POST' && $_SERVER['REQUEST_METHOD'] != 'PUT') {
header('Status: 405 Method Not Allowed');
echo "You must use PUT or POST to upload a file.\n";
exit;
}
$c_t = strtolower($_SERVER['HTTP_CONTENT_TYPE'] ?? '');
if ($c_t == 'multipart/form-data' || 0 === strpos($c_t, 'multipart/form-data;')) {
$FILES = remap_files();
foreach ($FILES['file'] as $file) {
if (!is_uploaded_file($file['tmp_name'])) {
die_error("Not an uploaded file: $file[tmp_name]");
}
$hash = hash_file("sha512", $file['tmp_name']);
if (FALSE === $hash) {
die_error("Unable to hash uploaded file?!");
}
$filename = $hash . get_extension($file['name']);
$filepath = UPLOAD_DIR . '/' . $filename;
if (FALSE === move_uploaded_file($file['tmp_name'], $filepath)) {
die_error("Renaming uploaded file $file[tmp_name] to $filepath failed");
}
echo UPLOAD_URL . $filename . "\n";
send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] uploaded $file[full_path] $file[type] -> $filename");
}
} else {
$in_fh = fopen('php://input', 'r');
$tmp_path = tempnam(UPLOAD_DIR, '.up-');
$out_fh = fopen($tmp_path, 'w');
if (FALSE === $out_fh) {
die_error("Couldn't open temporary file $tmp_path");
}
$hash = hash_init("sha512");
$size = 0;
while (!feof($in_fh) && FALSE !== ($data = fread($in_fh, 1024*1024))) {
hash_update($hash, $data);
$fwrite_status = fwrite($out_fh, $data);
if (FALSE === $fwrite_status || $fwrite_status < strlen($data)) {
die_error("Outputting to temporary file $tmp_path failed");
}
$size += $fwrite_status;
}
fclose($in_fh);
if (FALSE === fclose($out_fh)) {
die_error("Closing temporary file $tmp_path failed");
}
$filename = hash_final($hash) . get_extension($_SERVER['PATH_INFO']);
$filepath = UPLOAD_DIR . '/' . $filename;
if (file_exists($filepath)) {
unlink($tmp_path);
} else {
if (FALSE === rename($tmp_path, $filepath)) {
die_error("Renaming temporary file $tmp_path to $filepath failed");
}
}
echo UPLOAD_URL . $filename . "\n";
send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] uploaded $_SERVER[PATH_INFO] $c_t -> $filename");
}
function send_notification($note) {
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_connect($sock, gethostbyname(NOTIFICATION_ADDRESS), NOTIFICATION_PORT);
socket_write($sock, $note, strlen($note));
socket_close($sock);
}
function die_error($s) {
global $tmp_path, $filepath, $size;
header('Status: 500 Server Is 💩');
echo $s;
error_log($s);
@$debug = json_encode(array('s'=>$_SERVER, 'f'=>$_FILES, 't'=>$tmp_path, 'p'=>$filepath, 'size' => $size));
send_notification("[hostfil.es] $_SERVER[REMOTE_ADDR] ! $s\n$debug");
exit;
}
function get_extension($file) {
$ext = strrchr($file, '.');
if (FALSE === $ext) {
return '';
}
return $ext;
}
function remap_files() {
$files = array();
foreach (array_keys($_FILES) as $input_name) {
$files[$input_name] = array();
foreach (array_keys($_FILES[$input_name]) as $file_info_key) {
if (is_array($_FILES[$input_name][$file_info_key])) {
foreach ($_FILES[$input_name][$file_info_key] as $i => $v) {
if (!isset($files[$input_name][$i])) $files[$input_name][$i] = array();
$files[$input_name][$i][$file_info_key] = $v;
}
} else {
if (!isset($files[$input_name][0])) $files[$input_name][0] = array();
$files[$input_name][0][$file_info_key] = $_FILES[$input_name][$file_info_key];
}
}
}
return $files;
}
|