comparison mod_http_upload_external/share_v2.php @ 3163:31b85864a615

share_v2.php: Add error logging
author Matthew Wild <mwild1@gmail.com>
date Mon, 02 Jul 2018 12:55:59 +0100
parents 3797be8f491f
children 5176b8d81ec7
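--- a/mod_http_upload_external/share_v2.php
+++ b/mod_http_upload_external/share_v2.php
@@ -69,10 +69,11 @@
 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name);
 
 $request_method = $_SERVER['REQUEST_METHOD'];
 
 if(array_key_exists('v2', $_GET) === TRUE && $request_method === 'PUT') {
+error_log(var_export($_SERVER, TRUE));
 $upload_file_size = $_SERVER['CONTENT_LENGTH'];
 $upload_token = $_GET['v2'];
 
 if(array_key_exists('CONTENT_TYPE', $_SERVER) === TRUE) {
 $upload_file_type = $_SERVER['CONTENT_TYPE'];
@@ -87,16 +88,18 @@
 }
 
 $calculated_token = hash_hmac('sha256', "$upload_file_name\0$upload_file_size\0$upload_file_type", $CONFIG_SECRET);
 if(function_exists('hash_equals')) {
 if(hash_equals($calculated_token, $upload_token) !== TRUE) {
+error_log("Token mismatch: calculated $calculated_token got $upload_token");
 header('HTTP/1.0 403 Forbidden');
 exit;
 }
 }
 else {
 if($upload_token !== $calculated_token) {
+error_log("Token mismatch: calculated $calculated_token got $upload_token");
 header('HTTP/1.0 403 Forbidden');
 exit;
 }
 }
 /* Open a file for writing */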
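Review bot: Both new `Token mismatch` log lines write `$calculated_token` to the error log, and that value is the valid HMAC for this file name, size and type, so anyone with read access to the log obtains a working `v2` upload token for the rejected request. Log the rejection without the expected value, e.g. `error_log('Token mismatch for upload request');`, and if the supplied token is needed for debugging, log only a short prefix of it. The unconditional `error_log(var_export($_SERVER, TRUE));` at the top of the PUT branch dumps every request header and the query string (including the `v2` token, and any Authorization or Cookie header the web server passes through) on each upload; limit it to the specific fields being debugged or guard it with a debug setting. `$upload_token` is also client-controlled text interpolated into a log line, so it should be length-limited or checked to be hex before it is logged.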