Mercurial > prosody-modules
comparison mod_http_upload_external/share.php @ 2972:67d6510c5f49
mod_http_upload_external: Use a more widespread method to obtain Content-Length (thanks Yves)
| author | Emmanuel Gil Peyrot <linkmauve@linkmauve.fr> |
|---|---|
| date | Fri, 30 Mar 2018 21:00:15 +0200 |
| parents | f86478a02b25 |
| children | 7036e82f83f5 |
comparison
equal
deleted
inserted
replaced
| 2971:c89be016a075 | 2972:67d6510c5f49 |
|---|---|
| 68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); | 68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); |
| 69 | 69 |
| 70 $request_method = $_SERVER['REQUEST_METHOD']; | 70 $request_method = $_SERVER['REQUEST_METHOD']; |
| 71 | 71 |
| 72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { | 72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { |
| 73 $headers = getallheaders(); | 73 $upload_file_size = $_SERVER['HTTP_CONTENT_LENGTH']; |
| 74 | |
| 75 $upload_file_size = $headers['Content-Length']; | |
| 76 $upload_token = $_GET['v']; | 74 $upload_token = $_GET['v']; |
| 77 | 75 |
| 78 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); | 76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); |
| 79 if($upload_token !== $calculated_token) { | 77 if($upload_token !== $calculated_token) { |
| 80 header('HTTP/1.0 403 Forbidden'); | 78 header('HTTP/1.0 403 Forbidden'); |