68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
69 |
69 |
70 $request_method = $_SERVER['REQUEST_METHOD']; |
70 $request_method = $_SERVER['REQUEST_METHOD']; |
71 |
71 |
72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { |
72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { |
73 $upload_file_size = $_SERVER['HTTP_CONTENT_LENGTH']; |
73 $upload_file_size = $_SERVER['CONTENT_LENGTH']; |
74 $upload_token = $_GET['v']; |
74 $upload_token = $_GET['v']; |
75 |
75 |
76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); |
76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); |
77 if($upload_token !== $calculated_token) { |
77 if($upload_token !== $calculated_token) { |
78 header('HTTP/1.0 403 Forbidden'); |
78 header('HTTP/1.0 403 Forbidden'); |
102 // Send file (using X-Sendfile would be nice here...) |
102 // Send file (using X-Sendfile would be nice here...) |
103 if(file_exists($store_file_name)) { |
103 if(file_exists($store_file_name)) { |
104 header('Content-Disposition: attachment'); |
104 header('Content-Disposition: attachment'); |
105 header('Content-Type: application/octet-stream'); |
105 header('Content-Type: application/octet-stream'); |
106 header('Content-Length: '.filesize($store_file_name)); |
106 header('Content-Length: '.filesize($store_file_name)); |
107 header('Content-Security-Policy: "default-src \'none\'"'); |
107 header("Content-Security-Policy: \"default-src 'none'\""); |
108 header('X-Content-Security-Policy: "default-src \'none\'"'); |
108 header("X-Content-Security-Policy: \"default-src 'none'\""); |
109 header('X-WebKit-CSP: "default-src 'none'"'); |
109 header("X-WebKit-CSP: \"default-src 'none'\""); |
110 if($request_method !== 'HEAD') { |
110 if($request_method !== 'HEAD') { |
111 readfile($store_file_name); |
111 readfile($store_file_name); |
112 } |
112 } |
113 } else { |
113 } else { |
114 header('HTTP/1.0 404 Not Found'); |
114 header('HTTP/1.0 404 Not Found'); |