equal
deleted
inserted
replaced
67 $upload_file_name = substr($_SERVER['PHP_SELF'], strlen($_SERVER['SCRIPT_NAME'])+1); |
67 $upload_file_name = substr($_SERVER['PHP_SELF'], strlen($_SERVER['SCRIPT_NAME'])+1); |
68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
69 |
69 |
70 $request_method = $_SERVER['REQUEST_METHOD']; |
70 $request_method = $_SERVER['REQUEST_METHOD']; |
71 |
71 |
|
72 /* Set CORS headers */ |
|
73 header('Access-Control-Allow-Methods: GET, PUT, OPTIONS'); |
|
74 header('Access-Control-Allow-Headers: Content-Type'); |
|
75 header('Access-Control-Max-Age: 7200'); |
|
76 header('Access-Control-Allow-Origin: *'); |
|
77 |
72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { |
78 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { |
73 $upload_file_size = $_SERVER['CONTENT_LENGTH']; |
79 $upload_file_size = $_SERVER['CONTENT_LENGTH']; |
74 $upload_token = $_GET['v']; |
80 $upload_token = $_GET['v']; |
75 |
81 |
76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); |
82 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); |
120 readfile($store_file_name); |
126 readfile($store_file_name); |
121 } |
127 } |
122 } else { |
128 } else { |
123 header('HTTP/1.0 404 Not Found'); |
129 header('HTTP/1.0 404 Not Found'); |
124 } |
130 } |
|
131 } else if($request_method === 'OPTIONS') { |
125 } else { |
132 } else { |
126 header('HTTP/1.0 400 Bad Request'); |
133 header('HTTP/1.0 400 Bad Request'); |
127 } |
134 } |
128 |
135 |
129 exit; |
136 exit; |