Mercurial > prosody-modules
comparison mod_http_upload_external/share_v2.php @ 3163:31b85864a615
share_v2.php: Add error logging
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 02 Jul 2018 12:55:59 +0100 |
| parents | 3797be8f491f |
| children | 5176b8d81ec7 |
comparison
equal
deleted
inserted
replaced
| 3162:3797be8f491f | 3163:31b85864a615 |
|---|---|
| 69 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); | 69 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
| 70 | 70 |
| 71 $request_method = $_SERVER['REQUEST_METHOD']; | 71 $request_method = $_SERVER['REQUEST_METHOD']; |
| 72 | 72 |
| 73 if(array_key_exists('v2', $_GET) === TRUE && $request_method === 'PUT') { | 73 if(array_key_exists('v2', $_GET) === TRUE && $request_method === 'PUT') { |
| 74 error_log(var_export($_SERVER, TRUE)); | |
| 74 $upload_file_size = $_SERVER['CONTENT_LENGTH']; | 75 $upload_file_size = $_SERVER['CONTENT_LENGTH']; |
| 75 $upload_token = $_GET['v2']; | 76 $upload_token = $_GET['v2']; |
| 76 | 77 |
| 77 if(array_key_exists('CONTENT_TYPE', $_SERVER) === TRUE) { | 78 if(array_key_exists('CONTENT_TYPE', $_SERVER) === TRUE) { |
| 78 $upload_file_type = $_SERVER['CONTENT_TYPE']; | 79 $upload_file_type = $_SERVER['CONTENT_TYPE']; |
| 87 } | 88 } |
| 88 | 89 |
| 89 $calculated_token = hash_hmac('sha256', "$upload_file_name\0$upload_file_size\0$upload_file_type", $CONFIG_SECRET); | 90 $calculated_token = hash_hmac('sha256', "$upload_file_name\0$upload_file_size\0$upload_file_type", $CONFIG_SECRET); |
| 90 if(function_exists('hash_equals')) { | 91 if(function_exists('hash_equals')) { |
| 91 if(hash_equals($calculated_token, $upload_token) !== TRUE) { | 92 if(hash_equals($calculated_token, $upload_token) !== TRUE) { |
| 93 error_log("Token mismatch: calculated $calculated_token got $upload_token"); | |
| 92 header('HTTP/1.0 403 Forbidden'); | 94 header('HTTP/1.0 403 Forbidden'); |
| 93 exit; | 95 exit; |
| 94 } | 96 } |
| 95 } | 97 } |
| 96 else { | 98 else { |
| 97 if($upload_token !== $calculated_token) { | 99 if($upload_token !== $calculated_token) { |
| 100 error_log("Token mismatch: calculated $calculated_token got $upload_token"); | |
| 98 header('HTTP/1.0 403 Forbidden'); | 101 header('HTTP/1.0 403 Forbidden'); |
| 99 exit; | 102 exit; |
| 100 } | 103 } |
| 101 } | 104 } |
| 102 /* Open a file for writing */ | 105 /* Open a file for writing */ |