diff --git a/www/clients.php b/www/clients.php
index d458769..2c6597b 100644
--- a/www/clients.php
+++ b/www/clients.php
@@ -150,7 +150,7 @@ foreach ($clients as $c) {
 header("Location: $c/");
 header('Content-Length: 23');
 exit("308 Permanent Redirect\n");
- } elseif ($path === "/$c/") {
+ } else if ($path === "/$c/") {
 if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
 header("Status: 405");
 header("Allow: GET");
@@ -195,7 +195,7 @@ foreach ($clients as $c) {
 header('Status: 400');
 header('Content-Length: 16');
 exit("400 Bad Request\n");
- } elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ } else if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $size = filesize($path);
 if ($size === false) {
 header('Status: 404');
@@ -207,22 +207,31 @@ foreach ($clients as $c) {
 header("Content-Disposition: attachment; filename=\"$file\"");
 header("Content-Length: $size");
 readfile($path);
- } elseif ($_SERVER['REQUEST_METHOD'] === 'PUT') {
- $putdata = fopen('php://input', 'r');
- $fp = fopen($path, 'wb');
- if ($fp === false) {
- header("Status: 500");
- header("Content-Length: 26");
+ } else if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
+ $upload = fopen("php://input", "r");
+ $fp = fopen("/tmp/upload-$file", "wb+");
+ if (!$upload || !$fp) {
+ fclose($fp);
+ fclose($upload);
+ header('Status: 500');
+ header('Content-Length: 26');
 exit("500 Internal Server Error\n");
 }
- while ($data = fread($putdata, 4096))
- fwrite($fp, $data);
+
+ while ($data = fread($upload, 4096)) fwrite($fp, $data);
 fclose($fp);
- fclose($putdata);
+ fclose($upload);
+
+ if (!rename("/tmp/upload-$file", $path)) {
+ header('Status: 500');
+ header('Content-Length: 26');
+ exit("500 Internal Server Error\n");
+ }
+
 header("Status: 201");
 header('Content-Length: 12');
 exit("201 Created\n");
- } elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
+ } else if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
 if ($file === '*') {
 foreach (scandir(".data/clients/$c/") as $f) {
 if (str_starts_with($f, ".") || str_ends_with($f, ".php") || str_ends_with($f, ".inc")) continue;
diff --git a/www/files/index.php b/www/files/index.php
index 87f7338..2c085d4 100644
--- a/www/files/index.php
+++ b/www/files/index.php
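Review bot: In the `www/clients.php` PUT branch the staging file `/tmp/upload-$file` is a fixed, guessable name in a shared directory and does not include `$c`, so two clients uploading the same file name write into one staging file, and `fopen(..., "wb+")` opens and truncates whatever already sits at that path. Staging with `tempnam()` inside the destination directory gives a unique, owner-only file and keeps the `rename()` on one filesystem; the staging file should also be removed when the rename fails. The error branch calls `fclose()` on the handle that is `false`, which raises a TypeError on PHP 8 instead of sending the 500, so close only what opened. The `www/files/index.php` hunk repeats the same lines with `/tmp/upload-$name`; the checks on `$file` sit outside this hunk and should be confirmed to reject `/` and `..`.

```php
} else if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
    // Unique staging file next to the destination; tempnam() creates it owner-only
    // (it falls back to the system temp dir if that directory is not writable).
    $tmp = tempnam(dirname($path), '.upload-');
    $upload = fopen("php://input", "r");
    $fp = ($tmp === false) ? false : fopen($tmp, "wb");
    if (!$upload || !$fp) {
        if ($fp) fclose($fp);
        if ($upload) fclose($upload);
        if ($tmp !== false) unlink($tmp);
        // … unchanged: 500 response …
    }
    // … unchanged: copy loop, fclose($fp), fclose($upload) …
    if (!rename($tmp, $path)) {
        unlink($tmp);
        // … unchanged: 500 response …
    }
    // … unchanged: 201 response …
```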
@@ -5,22 +5,40 @@ require "../.php/auth.inc";
 if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
 authenticate();
+ header('Content-Type: text/plain; charset=UTF-8');
+
 $name = substr($_SERVER['PATH_INFO'], 1);
 if (str_contains($name, "..") || str_contains($name, "/")) {
 header('Status: 403');
- header('Content-Type: text/plain; charset=UTF-8');
 header('Content-Length: 14');
 exit("403 Forbidden\n");
+ } else if (!isset($_SERVER['HTTP_CONTENT_LENGTH'])) {
+ header('Status: 411');
+ header('Content-Length: 20');
+ exit("411 Length Required\n");
 }
 $upload = fopen("php://input", "r");
- $fp = fopen($name, "wb+");
+ $fp = fopen("/tmp/upload-$name", "wb+");
+ if (!$upload || !$fp) {
+ fclose($fp);
+ fclose($upload);
+ header('Status: 500');
+ header('Content-Length: 26');
+ exit("500 Internal Server Error\n");
+ }
+
 while ($data = fread($upload, 4096)) fwrite($fp, $data);
 fclose($fp);
 fclose($upload);
+ if (!rename("/tmp/upload-$name", $name)) {
+ header('Status: 500');
+ header('Content-Length: 26');
+ exit("500 Internal Server Error\n");
+ }
+
 header('Status: 201');
- header('Content-Type: text/plain; charset=UTF-8');
 header('Content-Length: 12');
 exit("201 Created\n");
 } else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {
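Review bot: The new `rename("/tmp/upload-$name", $name)` replaces the destination in one step, yet `$name` is only checked for `..` and `/`, so an authenticated PUT can still overwrite `index.php` or create another `.php`, `.inc` or dot-file in what looks like the script's own directory. Add a name filter ahead of the 411 branch that mirrors the one the DELETE loop in `www/clients.php` uses, e.g. `if ($name === '' || str_starts_with($name, '.') || str_ends_with($name, '.php') || str_ends_with($name, '.inc'))` answering 403. The 411 branch only tests that a length header exists; comparing its value with the bytes actually written before the rename would keep a truncated body from being published as 201, and depending on the SAPI the value may arrive as `CONTENT_LENGTH` rather than `HTTP_CONTENT_LENGTH`.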