Comparison

mod_http_upload_external/share.php @ 3226:3b13f19652e2

mod_http_upload_external: Update share.php and share_v2.php to allow cross-domain requests
author Matthew Wild <mwild1@gmail.com>
date Tue, 14 Aug 2018 17:47:44 +0100
parent 3216:5d35e6b409e0
child 3227:62c82d097017
comparison
equal deleted inserted replaced
3225:517c7f0333e3 3226:3b13f19652e2
67 $upload_file_name = substr($_SERVER['PHP_SELF'], strlen($_SERVER['SCRIPT_NAME'])+1); 67 $upload_file_name = substr($_SERVER['PHP_SELF'], strlen($_SERVER['SCRIPT_NAME'])+1);
68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); 68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name);
69 69
70 $request_method = $_SERVER['REQUEST_METHOD']; 70 $request_method = $_SERVER['REQUEST_METHOD'];
71 71
72 /* Set CORS headers */
73 header('Access-Control-Allow-Methods: GET, PUT, OPTIONS');
74 header('Access-Control-Allow-Headers: Content-Type');
75 header('Access-Control-Max-Age: 7200');
76 header('Access-Control-Allow-Origin: *');
77
72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { 78 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') {
73 $upload_file_size = $_SERVER['CONTENT_LENGTH']; 79 $upload_file_size = $_SERVER['CONTENT_LENGTH'];
74 $upload_token = $_GET['v']; 80 $upload_token = $_GET['v'];
75 81
76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); 82 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET);
120 readfile($store_file_name); 126 readfile($store_file_name);
121 } 127 }
122 } else { 128 } else {
123 header('HTTP/1.0 404 Not Found'); 129 header('HTTP/1.0 404 Not Found');
124 } 130 }
131 } else if($request_method === 'OPTIONS') {
125 } else { 132 } else {
126 header('HTTP/1.0 400 Bad Request'); 133 header('HTTP/1.0 400 Bad Request');
127 } 134 }
128 135
129 exit; 136 exit;