From 90219e16f0839cbe6ba73360e62c3a62ac6d15c2 Mon Sep 17 00:00:00 2001
From: Lorenz Stechauner
Date: Wed, 7 Feb 2024 15:46:51 +0100
Subject: [PATCH] files: Allow to automatically upload files
---
 www/files/index.php | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/www/files/index.php b/www/files/index.php
index e1115bd..6b69a40 100644
--- a/www/files/index.php
+++ b/www/files/index.php
@@ -2,12 +2,37 @@
 require "../format.inc";
 $TITLE = 'Downloads';
+if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
+ if ($_SERVER['PHP_AUTH_USER'] !== 'elwig' || $_SERVER['PHP_AUTH_PW'] !== '[REDACTED]') {
+ header('Status: 401');
+ header('WWW-Authenticate: Basic realm="Elwig"');
+ exit("401 Unauthorized :(\n");
+ }
+ $name = substr($_SERVER['PATH_INFO'], 1);
+ if (str_contains($name, "..") || str_contains($name, "/")) {
+ header('Status: 403');
+ exit("403 Forbidden :(\n");
+ }
+
+ $upload = fopen("php://input", "r");
+ $fp = fopen($name, "wb+");
+ while ($data = fread($upload, 4096)) fwrite($fp, $data);
+ fclose($fp);
+ fclose($upload);
+
+ exit("200 OK :)\n");
+} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {
+ header('Status: 405');
+ header('Content-Length: 0');
+ exit();
+}
+
 global $getProd;
 global $getVers;
 $getProd = null;
 $getVers = null;
 $info = explode('/', $_SERVER['PATH_INFO']);
-if ($info[1] === 'elwig' || $info[1] === 'winziprint') {
+if (sizeof($info) > 0 && ($info[1] === 'elwig' || $info[1] === 'winziprint')) {
 $getProd = $info[1];
 $getVers = $info[2];
 if (sizeof($info) > 3) {
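Review bot: The PUT branch writes the request body to a client-chosen relative name (presumably in the script's own web-served directory), and the `..`/`/` denylist still accepts names such as `index.php` or `.htaccess`, so anyone holding the shared Basic password can replace served code rather than only add a download; an allowlist on name and extension is the safer check, as in the fence below. The password is a literal in a tracked file compared with `!==`; loading it from outside the repository and comparing with `hash_equals()` on `$_SERVER['PHP_AUTH_PW'] ?? ''` removes the leak, the timing difference and the undefined-index warning on unauthenticated requests. Neither `fopen()` result is checked and the data goes straight into the final file, so a failed open or an aborted upload leaves an error or a truncated download in place. In the last changed line `sizeof($info) > 0` is always true because `explode()` returns at least one element, so the guard for `$info[1]` should be `sizeof($info) > 1`; the `if` block that closes the hunk continues outside it.

```php
    $name = substr($_SERVER['PATH_INFO'] ?? '', 1);
    // Allowlist, not denylist: a plain artifact name with an expected extension only.
    $allowedExt = ['EXT_PLACEHOLDER']; // placeholder: the artifact extensions this directory serves
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name) || !in_array($ext, $allowedExt, true)) {
        // … unchanged: 403 response …
    }

    $upload = fopen("php://input", "r");
    $tmp = "$name.part";
    $fp = fopen($tmp, "wb");
    if ($upload === false || $fp === false) {
        header('Status: 500');
        exit("500 Internal Server Error :(\n");
    }
    // … unchanged: fread/fwrite copy loop, fclose calls …
    rename($tmp, $name); // publish only a completely written file
```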