www: Improve error handling for file uploads

2025-02-20 15:23:47 +01:00
parent 0ce071c256
commit a93afcdf97
2 changed files with 42 additions and 15 deletions


@ -150,7 +150,7 @@ foreach ($clients as $c) {
header("Location: $c/");
header('Content-Length: 23');
exit("308 Permanent Redirect\n");
} elseif ($path === "/$c/") {
} else if ($path === "/$c/") {
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
header("Status: 405");
header("Allow: GET");
@ -195,7 +195,7 @@ foreach ($clients as $c) {
header('Status: 400');
header('Content-Length: 16');
exit("400 Bad Request\n");
} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
} else if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$size = filesize($path);
if ($size === false) {
header('Status: 404');
@ -207,22 +207,31 @@ foreach ($clients as $c) {
header("Content-Disposition: attachment; filename=\"$file\"");
header("Content-Length: $size");
readfile($path);
} elseif ($_SERVER['REQUEST_METHOD'] === 'PUT') {
$putdata = fopen('php://input', 'r');
$fp = fopen($path, 'wb');
if ($fp === false) {
header("Status: 500");
header("Content-Length: 26");
} else if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
$upload = fopen("php://input", "r");
$fp = fopen("/tmp/upload-$file", "wb+");
if (!$upload || !$fp) {
fclose($fp);
fclose($upload);
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
while ($data = fread($putdata, 4096))
fwrite($fp, $data);
while ($data = fread($upload, 4096)) fwrite($fp, $data);
fclose($fp);
fclose($putdata);
fclose($upload);
if (!rename("/tmp/upload-$file", $path)) {
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
header("Status: 201");
header('Content-Length: 12');
exit("201 Created\n");
} elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
} else if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
if ($file === '*') {
foreach (scandir(".data/clients/$c/") as $f) {
if (str_starts_with($f, ".") || str_ends_with($f, ".php") || str_ends_with($f, ".inc")) continue;
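Review bot: The PUT branch now stages the upload at `/tmp/upload-$file`, a predictable name in a shared directory, so two clients uploading the same file name write into one temp file, and a symlink already sitting at that path would be followed and truncated by `fopen(..., "wb+")`. The failure branch also calls `fclose($fp)` and `fclose($upload)` unconditionally; on PHP 8 (which the `str_starts_with` call further down implies) `fclose(false)` throws a TypeError, so the intended 500 response is never sent. Staging next to the destination with `tempnam()` gives an unpredictable name, keeps `rename()` on the destination's filesystem, and lets the error path close only what was opened and remove the leftover; the second file's PUT handler has the same two problems with `/tmp/upload-$name`. The enclosing `foreach` and the start of this `if` chain lie outside the hunk.

```php
// … unchanged: } else if ($_SERVER['REQUEST_METHOD'] === 'PUT') { …
$upload = fopen('php://input', 'r');
// tempnam() creates the file with mode 0600; chmod after rename if other readers need it
$tmp = tempnam(dirname($path), '.upload-');
$fp = $tmp !== false ? fopen($tmp, 'wb') : false;
if (!$upload || !$fp) {
    if ($fp) fclose($fp);
    if ($upload) fclose($upload);
    if ($tmp !== false) unlink($tmp);
    // … unchanged: 500 response and exit …
}
// … unchanged: copy loop and fclose calls …
if (!rename($tmp, $path)) {
    unlink($tmp);
    // … unchanged: 500 response and exit …
}
```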


@ -5,22 +5,40 @@ require "../.php/auth.inc";
if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
authenticate();
header('Content-Type: text/plain; charset=UTF-8');
$name = substr($_SERVER['PATH_INFO'], 1);
if (str_contains($name, "..") || str_contains($name, "/")) {
header('Status: 403');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 14');
exit("403 Forbidden\n");
} else if (!isset($_SERVER['HTTP_CONTENT_LENGTH'])) {
header('Status: 411');
header('Content-Length: 20');
exit("411 Length Required\n");
}
$upload = fopen("php://input", "r");
$fp = fopen($name, "wb+");
$fp = fopen("/tmp/upload-$name", "wb+");
if (!$upload || !$fp) {
fclose($fp);
fclose($upload);
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
while ($data = fread($upload, 4096)) fwrite($fp, $data);
fclose($fp);
fclose($upload);
if (!rename("/tmp/upload-$name", $name)) {
header('Status: 500');
header('Content-Length: 26');
exit("500 Internal Server Error\n");
}
header('Status: 201');
header('Content-Type: text/plain; charset=UTF-8');
header('Content-Length: 12');
exit("201 Created\n");
} else if ($_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD') {
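Review bot: The new 411 check requires a Content-Length, but the copy loop never compares the bytes it wrote against it and ignores `fwrite()`'s return value, so a truncated body or a full disk still ends in `rename()` and `201 Created`. The loop condition `while ($data = fread($upload, 4096))` also stops on a chunk that is exactly `"0"`, since that string is falsy. Consider `$written = stream_copy_to_stream($upload, $fp);` followed by `if ($written === false || $written !== (int)$_SERVER['HTTP_CONTENT_LENGTH'])` with an `unlink()` of the temp file and an error response before the rename. It is also worth confirming that the SAPI in use populates `HTTP_CONTENT_LENGTH`; CGI-style environments define `CONTENT_LENGTH`, and if only that is set every upload would now get 411.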