Mercurial > prosody-modules

comparison mod_http_upload_external/share.php @ 2979:9480ca61294d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_upload_external: Fix syntax error in share.php
author Matthew Wild <mwild1@gmail.com>
date Mon, 02 Apr 2018 15:00:57 +0100
parents 7036e82f83f5
children 5d35e6b409e0
comparison
equal deleted inserted replaced
2978:ac99a04231b1 2979:9480ca61294d
68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name); 68 $store_file_name = $CONFIG_STORE_DIR . '/store-' . hash('sha256', $upload_file_name);
69 69
70 $request_method = $_SERVER['REQUEST_METHOD']; 70 $request_method = $_SERVER['REQUEST_METHOD'];
71 71
72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') { 72 if(array_key_exists('v', $_GET) === TRUE && $request_method === 'PUT') {
73 $upload_file_size = $_SERVER['HTTP_CONTENT_LENGTH']; 73 $upload_file_size = $_SERVER['CONTENT_LENGTH'];
74 $upload_token = $_GET['v']; 74 $upload_token = $_GET['v'];
75 75
76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET); 76 $calculated_token = hash_hmac('sha256', "$upload_file_name $upload_file_size", $CONFIG_SECRET);
77 if($upload_token !== $calculated_token) { 77 if($upload_token !== $calculated_token) {
78 header('HTTP/1.0 403 Forbidden'); 78 header('HTTP/1.0 403 Forbidden');
102 // Send file (using X-Sendfile would be nice here...) 102 // Send file (using X-Sendfile would be nice here...)
103 if(file_exists($store_file_name)) { 103 if(file_exists($store_file_name)) {
104 header('Content-Disposition: attachment'); 104 header('Content-Disposition: attachment');
105 header('Content-Type: application/octet-stream'); 105 header('Content-Type: application/octet-stream');
106 header('Content-Length: '.filesize($store_file_name)); 106 header('Content-Length: '.filesize($store_file_name));
107 header('Content-Security-Policy: "default-src \'none\'"'); 107 header("Content-Security-Policy: \"default-src 'none'\"");
108 header('X-Content-Security-Policy: "default-src \'none\'"'); 108 header("X-Content-Security-Policy: \"default-src 'none'\"");
109 header('X-WebKit-CSP: "default-src 'none'"'); 109 header("X-WebKit-CSP: \"default-src 'none'\"");
110 if($request_method !== 'HEAD') { 110 if($request_method !== 'HEAD') {
111 readfile($store_file_name); 111 readfile($store_file_name);
112 } 112 }
113 } else { 113 } else {
114 header('HTTP/1.0 404 Not Found'); 114 header('HTTP/1.0 404 Not Found');