winzer/elwig-www
2
0
Fork 0
Code Issues Pull Requests Activity

www: Improve error handling for file uploads

Browse Source
This commit is contained in:
Lorenz Stechauner
2025-02-20 15:23:47 +01:00
parent 0ce071c256
commit a93afcdf97
2 changed files with 42 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
www/clients.php
View File

@@ -208,17 +208,26 @@ foreach ($clients as $c) {
header("Content-Length: $size"); header("Content-Length: $size");
readfile($path); readfile($path);
} else if ($_SERVER['REQUEST_METHOD'] === 'PUT') { } else if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
$putdata = fopen('php://input', 'r'); $upload = fopen("php://input", "r");
$fp = fopen($path, 'wb'); $fp = fopen("/tmp/upload-$file", "wb+");
if ($fp === false) { if (!$upload || !$fp) {
header("Status: 500"); fclose($fp);
header("Content-Length: 26"); fclose($upload);
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n"); exit("500 Internal Server Error\n");
} }
while ($data = fread($putdata, 4096))
fwrite($fp, $data); while ($data = fread($upload, 4096)) fwrite($fp, $data);
fclose($fp); fclose($fp);
fclose($putdata); fclose($upload);
if (!rename("/tmp/upload-$file", $path)) {
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
header("Status: 201"); header("Status: 201");
header('Content-Length: 12'); header('Content-Length: 12');
exit("201 Created\n"); exit("201 Created\n");

24
www/files/index.php
View File

@@ -5,22 +5,40 @@ require "../.php/auth.inc";
if ($_SERVER['REQUEST_METHOD'] === 'PUT') { if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
authenticate(); authenticate();
header('Content-Type: text/plain; charset=UTF-8');
$name = substr($_SERVER['PATH_INFO'], 1); $name = substr($_SERVER['PATH_INFO'], 1);
if (str_contains($name, "..") || str_contains($name, "/")) { if (str_contains($name, "..") || str_contains($name, "/")) {
header('Status: 403'); header('Status: 403');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 14'); header('Content-Length: 14');
exit("403 Forbidden\n"); exit("403 Forbidden\n");
} else if (!isset($_SERVER['HTTP_CONTENT_LENGTH'])) {
header('Status: 411');
header('Content-Length: 20');
exit("411 Length Required\n");
} }
$upload = fopen("php://input", "r"); $upload = fopen("php://input", "r");
$fp = fopen($name, "wb+"); $fp = fopen("/tmp/upload-$name", "wb+");
if (!$upload || !$fp) {
fclose($fp);
fclose($upload);
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
while ($data = fread($upload, 4096)) fwrite($fp, $data); while ($data = fread($upload, 4096)) fwrite($fp, $data);
fclose($fp); fclose($fp);
fclose($upload); fclose($upload);
if (!rename("/tmp/upload-$name", $name)) {
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
header('Status: 201'); header('Status: 201');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 12'); header('Content-Length: 12');
exit("201 Created\n"); exit("201 Created\n");
} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') { } else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {