mod_http_upload_external/share.php @ 2979:9480ca61294d
mod_http_upload_external: Fix syntax error in share.php
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 02 Apr 2018 15:00:57 +0100 |
| parent | 2977:7036e82f83f5 |
| child | 3216:5d35e6b409e0 |
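--- a/mod_http_upload_external/share.php
+++ b/mod_http_upload_external/share.php
@@ -68,11 +68,11 @@
 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name);
 
 $request_method = $_SERVER['REQUEST_METHOD'];
 
 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') {
-$upload_file_size = $_SERVER['HTTP_CONTENT_LENGTH'];
+$upload_file_size = $_SERVER['CONTENT_LENGTH'];
 $upload_token = $_GET['v'];
 
 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET);
 if($upload_token !== $calculated_token) {
 header('HTTP/1.0 403 Forbidden');
@@ -102,13 +102,13 @@
 // Send file (using X-Sendfile would be nice here...)
 if(file_exists($store_file_name)) {
 header('Content-Disposition: attachment');
 header('Content-Type: application/octet-stream');
 header('Content-Length: '.filesize($store_file_name));
-header('Content-Security-Policy: "default-src \'none\'"');
-header('X-Content-Security-Policy: "default-src \'none\'"');
-header('X-WebKit-CSP: "default-src 'none'"');
+header("Content-Security-Policy: \"default-src 'none'\"");
+header("X-Content-Security-Policy: \"default-src 'none'\"");
+header("X-WebKit-CSP: \"default-src 'none'\"");
 if($request_method !== 'HEAD') {
 readfile($store_file_name);
 }
 } else {
 header('HTTP/1.0 404 Not Found');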
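Review bot: The three CSP headers on new lines 107–109 still wrap the whole policy in literal double quotes, so the value sent is `"default-src 'none'"`; CSP syntax has no outer quoting, and a browser will most likely read `"default-src` as an unknown directive and enforce nothing. Drop the escaped quotes, e.g. `header("Content-Security-Policy: default-src 'none'");`, and do the same on the `X-Content-Security-Policy` and `X-WebKit-CSP` lines. Separately, line 77 compares the client-supplied token with `!==`, which is not a constant-time comparison; once `$upload_token` is confirmed to be a string, `if(!hash_equals($calculated_token, $upload_token)) {` avoids leaking how much of the HMAC matched. Both the PUT branch and the `if(file_exists(...))` block continue outside the lines shown.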