/**
* Create a new unique directory within the specified directory.
*
* @param string $basedir The directory to create your new unique directory within.
* @param bool $exceptiononerror throw exception if error encountered
* @return string The created directory
* @throws invalid_dataroot_permissions
*/
function make_unique_writable_directory($basedir, $exceptiononerror = true)
{
if (!is_dir($basedir) || !is_writable($basedir)) {
// The basedir is not writable. We will not be able to create the child directory.
if ($exceptiononerror) {
throw new invalid_dataroot_permissions($basedir . ' is not writable. Unable to create a unique directory within it.');
} else {
return false;
}
}
do {
// Generate a new (hopefully unique) directory name.
$uniquedir = $basedir . DIRECTORY_SEPARATOR . generate_uuid();
} while (is_writable($basedir) && !make_writable_directory($uniquedir, $exceptiononerror) && file_exists($uniquedir) && is_dir($uniquedir));
// Check that the directory was correctly created.
if (!file_exists($uniquedir) || !is_dir($uniquedir) || !is_writable($uniquedir)) {
if ($exceptiononerror) {
throw new invalid_dataroot_permissions('Unique directory creation failed.');
} else {
return false;
}
}
return $uniquedir;
}
/**
* @param $value
* @return string
*/
public function setUuidAttribute($value)
{
return $this->attributes['uuid'] = generate_uuid($value);
}
/**
* This function generates a unique token for the lock to use.
* It is important that this token is not solely based on time as this could lead
* to duplicates in a clustered environment (especially on VMs due to poor time precision).
*/
protected function generate_unique_token()
{
return generate_uuid();
}
/**
*
*/
public function setUuidAttribute()
{
$this->attributes['uuid'] = generate_uuid();
}
/**
* Create a new unique directory within the specified directory.
*
* @param string $basedir The directory to create your new unique directory within.
* @param bool $exceptiononerror throw exception if error encountered
* @return string The created directory
* @throws invalid_dataroot_permissions
*/
function make_unique_writable_directory($basedir, $exceptiononerror = true) {
if (!is_dir($basedir) || !is_writable($basedir)) {
// The basedir is not writable. We will not be able to create the child directory.
if ($exceptiononerror) {
throw new invalid_dataroot_permissions($basedir . ' is not writable. Unable to create a unique directory within it.');
} else {
return false;
}
}
do {
// Generate a new (hopefully unique) directory name.
$uniquedir = $basedir . DIRECTORY_SEPARATOR . generate_uuid();
} while (
// Ensure that basedir is still writable - if we do not check, we could get stuck in a loop here.
is_writable($basedir) &&
// Make the new unique directory. If the directory already exists, it will return false.
!make_writable_directory($uniquedir, $exceptiononerror) &&
// Ensure that the directory now exists
file_exists($uniquedir) && is_dir($uniquedir)
);
// Check that the directory was correctly created.
if (!file_exists($uniquedir) || !is_dir($uniquedir) || !is_writable($uniquedir)) {
if ($exceptiononerror) {
throw new invalid_dataroot_permissions('Unique directory creation failed.');
} else {
return false;
}
}
return $uniquedir;
}
<?php
include_once 'includes/config.php';
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
$upload_dir = UPLOAD_DIR;
$content_dir = CONTENT_DIR;
if (isset($_FILES['upl']) && $_FILES['upl']['error'] == 0) {
$org_filename = $_FILES['upl']['name'];
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
$uuid = generate_uuid();
if (!in_array(strtolower($extension), $allowed)) {
echo '{"error":"notAllowed"}';
exit;
}
if (move_uploaded_file($_FILES['upl']['tmp_name'], $upload_dir . $org_filename)) {
mkdir($content_dir . $uuid);
if (strtolower($extension) == "zip") {
if (unzip_file($upload_dir . $org_filename, $content_dir . $uuid)) {
unlink($upload_dir . $org_filename);
// parse unziped root folder
$dh = opendir($content_dir . $uuid);
while (false !== ($filename = readdir($dh))) {
if ($filename == "." || $filename == "..") {
continue;
} else {
$f_ext = pathinfo($filename, PATHINFO_EXTENSION);
$content_type = getContentType($f_ext);
if ($f_ext == "blend") {
// adding blendfile to Database
add_DBContent($mysqli, $filename, $uuid, "blender", $f_ext);
/**
* Generates a 32-byte base64-encoded random string safe for URLs.
*/
function generate_csrf_token()
{
return base64encode(generate_uuid(), true);
}
// check file name - return 406 (not acceptable) if file contains invalid characters
foreach ($config['invalid_characters_in_filename'] as $invalidCharacter) {
if (stripos($filename, $invalidCharacter) !== false) {
sendHttpReturnCodeAndJson(406, ['msg' => 'Invalid character found in filename.', 'err_code' => 3, 'parameters' => ['invalid_character' => $invalidCharacter]]);
}
}
// check file size - return 406 (not acceptable) if file too small
if ($filesize <= 0) {
sendHttpReturnCodeAndJson(406, ['msg' => 'File is empty.', 'err_code' => 1]);
}
// check file size - return 406 (not acceptable) if file too large
if ($filesize > $config['max_upload_file_size']) {
sendHttpReturnCodeAndJson(406, ['msg' => 'File too large.', 'err_code' => 2, 'parameters' => ['max_file_size' => $config['max_upload_file_size']]]);
}
// generate slot uuid, register slot uuid and expected file size and expected mime type
$slotUUID = generate_uuid();
registerSlot($slotUUID, $filename, $filesize, $mimeType, $userJid, $config);
if (!mkdir(getUploadFilePath($slotUUID, $config))) {
sendHttpReturnCodeAndJson(500, "Could not create directory for upload.");
}
// return 200 for success and get / put url Json formatted ( ['get'=>url, 'put'=>url] )
$result = ['put' => $config['base_url_put'] . $slotUUID . '/' . $filename, 'get' => $config['base_url_get'] . $slotUUID . '/' . $filename];
}
echo json_encode($result);
break;
case 'PUT':
// check slot uuid - return 403 if not existing
$uri = $_SERVER["REQUEST_URI"];
$slotUUID = getUUIDFromUri($uri);
$filename = getFilenameFromUri($uri);
if (!slotExists($slotUUID, $config)) {
