winzer/elwig-www
2
0
Fork 0
Code Issues Pull Requests Activity

files: Fix authentication on upload

Browse Source
This commit is contained in:
Lorenz Stechauner
2024-05-14 23:54:32 +02:00
parent 3730e4ef3c
commit 10025555a4
2 changed files with 23 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
www/files/index.php
View File

@ -8,6 +8,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
$name = substr($_SERVER['PATH_INFO'], 1);
if (str_contains($name, "..") || str_contains($name, "/")) {
header('Status: 403');
header('Content-Type: text/plain');
header('Content-Length: 17');
exit("403 Forbidden :(\n");
}
@ -17,11 +19,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
fclose($fp);
fclose($upload);
header('Status: 200');
header('Content-Type: text/plain');
header('Content-Length: 10');
exit("200 OK :)\n");
} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {
header('Status: 405');
header('Content-Length: 0');
exit();
header('Allow: GET, HEAD, PUT');
header('Content-Type: text/plain');
header('Content-Length: 26');
exit("405 Method Not Allowed :(\n");
}
global $getProd;