prosody-modules
67d6510c5f49
mod_http_upload_external/share.php

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Comparison

mod_http_upload_external/share.php @ 2972:67d6510c5f49

mod_http_upload_external: Use a more widespread method to obtain Content-Length (thanks Yves)
author Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date Fri, 30 Mar 2018 21:00:15 +0200
parent 2333:f86478a02b25
child 2977:7036e82f83f5
comparison
equal deleted inserted replaced
2971:c89be016a075 2972:67d6510c5f49
68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); 68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name);
69 69
70 $request_method = $_SERVER['REQUEST_METHOD']; 70 $request_method = $_SERVER['REQUEST_METHOD'];
71 71
72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { 72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') {
73 $headers = getallheaders(); 73 $upload_file_size = $_SERVER['HTTP_CONTENT_LENGTH'];
74
75 $upload_file_size = $headers['Content-Length'];
76 $upload_token = $_GET['v']; 74 $upload_token = $_GET['v'];
77 75
78 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); 76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET);
79 if($upload_token !== $calculated_token) { 77 if($upload_token !== $calculated_token) {
80 header('HTTP/1.0 403 Forbidden'); 78 header('HTTP/1.0 403 Forbidden');