rawurl(de|en)coding moved to slot parameter storing and loading
This commit is contained in:
steckbrief
parent
9bd8c79f56
commit
c6da13b632
1 changed files with 15 additions and 3 deletions
|
|
@ -86,11 +86,11 @@ switch ($method) {
|
|||
if (!slotExists($slotUUID, $config)) {
|
||||
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
|
||||
}
|
||||
$slotParameters = require(getSlotFilePath($slotUUID, $config));
|
||||
if ($slotParameters['filename'] != $filename) { // Works because filename is rawurlencoded in slot store and filename is from PUT URL
|
||||
$slotParameters = loadSlotParameters($slotUUID, $config);
|
||||
if (!checkFilenameParameter($filename, $slotParameters)) {
|
||||
sendHttpReturnCodeAndJson(403, "Uploaded filename differs from requested slot filename.");
|
||||
}
|
||||
$uploadFilePath = getUploadFilePath($slotUUID, $config, rawurldecode($filename));
|
||||
$uploadFilePath = getUploadFilePath($slotUUID, $config, $slotParameters['filename']);
|
||||
if (file_exists($uploadFilePath)) {
|
||||
sendHttpReturnCodeAndJson(403, "The slot was already used.");
|
||||
}
|
||||
|
|
@ -127,6 +127,18 @@ function checkXmppServerKey($validXmppServerKeys, $xmppServerKey) {
|
|||
return false;
|
||||
}
|
||||
|
||||
function checkFilenameParameter($filename, $slotParameters) {
|
||||
$filename = rawurldecode($filename); // the filename is a http get parameter and therefore encoded
|
||||
return $slotParameters['filename'] == $filename;
|
||||
}
|
||||
|
||||
function loadSlotParameters($slotUUID, $config) {
|
||||
$slotParameters = require(getSlotFilePath($slotUUID, $config));
|
||||
$slotParameters['filename'] = rawurldecode($slotParameters['filename']);
|
||||
|
||||
return $slotParameters;
|
||||
}
|
||||
|
||||
function getMandatoryPostParameter($parameterName) {
|
||||
$parameter = $_POST[$parameterName];
|
||||
if (!isset($parameter) || is_null($parameter) || empty($parameter)) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue