Mercurial > prosody-modules
comparison mod_http_upload_external/share_v2.php @ 3163:31b85864a615
share_v2.php: Add error logging
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Mon, 02 Jul 2018 12:55:59 +0100 |
parents | 3797be8f491f |
children | 5176b8d81ec7 |
comparison
equal
deleted
inserted
replaced
3162:3797be8f491f | 3163:31b85864a615 |
---|---|
69 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); | 69 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
70 | 70 |
71 $request_method = $_SERVER['REQUEST_METHOD']; | 71 $request_method = $_SERVER['REQUEST_METHOD']; |
72 | 72 |
73 if(array_key_exists('v2', $_GET) === TRUE && $request_method === 'PUT') { | 73 if(array_key_exists('v2', $_GET) === TRUE && $request_method === 'PUT') { |
74 error_log(var_export($_SERVER, TRUE)); | |
74 $upload_file_size = $_SERVER['CONTENT_LENGTH']; | 75 $upload_file_size = $_SERVER['CONTENT_LENGTH']; |
75 $upload_token = $_GET['v2']; | 76 $upload_token = $_GET['v2']; |
76 | 77 |
77 if(array_key_exists('CONTENT_TYPE', $_SERVER) === TRUE) { | 78 if(array_key_exists('CONTENT_TYPE', $_SERVER) === TRUE) { |
78 $upload_file_type = $_SERVER['CONTENT_TYPE']; | 79 $upload_file_type = $_SERVER['CONTENT_TYPE']; |
87 } | 88 } |
88 | 89 |
89 $calculated_token = hash_hmac('sha256', "$upload_file_name\0$upload_file_size\0$upload_file_type", $CONFIG_SECRET); | 90 $calculated_token = hash_hmac('sha256', "$upload_file_name\0$upload_file_size\0$upload_file_type", $CONFIG_SECRET); |
90 if(function_exists('hash_equals')) { | 91 if(function_exists('hash_equals')) { |
91 if(hash_equals($calculated_token, $upload_token) !== TRUE) { | 92 if(hash_equals($calculated_token, $upload_token) !== TRUE) { |
93 error_log("Token mismatch: calculated $calculated_token got $upload_token"); | |
92 header('HTTP/1.0 403 Forbidden'); | 94 header('HTTP/1.0 403 Forbidden'); |
93 exit; | 95 exit; |
94 } | 96 } |
95 } | 97 } |
96 else { | 98 else { |
97 if($upload_token !== $calculated_token) { | 99 if($upload_token !== $calculated_token) { |
100 error_log("Token mismatch: calculated $calculated_token got $upload_token"); | |
98 header('HTTP/1.0 403 Forbidden'); | 101 header('HTTP/1.0 403 Forbidden'); |
99 exit; | 102 exit; |
100 } | 103 } |
101 } | 104 } |
102 /* Open a file for writing */ | 105 /* Open a file for writing */ |