www: Improve error handling for file uploads

2025-02-20 15:23:47 +01:00
parent 0ce071c256
commit a93afcdf97
2 changed files with 42 additions and 15 deletions


@ -5,22 +5,40 @@ require "../.php/auth.inc";
if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
authenticate();
header('Content-Type: text/plain; charset=UTF-8');
$name = substr($_SERVER['PATH_INFO'], 1);
if (str_contains($name, "..") || str_contains($name, "/")) {
header('Status: 403');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 14');
exit("403 Forbidden\n");
} else if (!isset($_SERVER['HTTP_CONTENT_LENGTH'])) {
header('Status: 411');
header('Content-Length: 20');
exit("411 Length Required\n");
}
$upload = fopen("php://input", "r");
$fp = fopen($name, "wb+");
$fp = fopen("/tmp/upload-$name", "wb+");
if (!$upload || !$fp) {
fclose($fp);
fclose($upload);
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
while ($data = fread($upload, 4096)) fwrite($fp, $data);
fclose($fp);
fclose($upload);
if (!rename("/tmp/upload-$name", $name)) {
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
header('Status: 201');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 12');
exit("201 Created\n");
} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {