5 Jappix - An open social platform
6 This is the Jappix Out of Band file send script
8 -------------------------------------------------
12 Last revision: 14/01/12
// Bootstrap for the out-of-band file send endpoint: sets the base path and loads shared code.
// JAPPIX_BASE is the relative path '..'; the store paths built later in this script
// (JAPPIX_BASE.'/store/send/...') therefore resolve against the process working directory.
17 define('JAPPIX_BASE', '..');
19 // Get the needed files
// The './' prefix makes these includes relative to the working directory as well.
// NOTE(review): isSafe(), getFileExt() and HOST_UPLOAD are used below but are not defined in
// this listing; presumably they come from these three files — confirm.
20 require_once('./functions.php');
21 require_once('./read-main.php');
22 require_once('./read-hosts.php');
24 // Optimize the page rendering
// NOTE(review): the statements that belong to this comment and to the next one
// (listing lines 25-31) are not shown in this listing.
28 // Not allowed for a special node
// GET branch: acts on a previously stored file, selected by the request parameter `id`.
// Depending on `action`, the file is either removed or sent back as a download.
32 // Action on an existing file
33 if(isset($_GET['id']) && !empty($_GET['id'])) {
// The path is built by plain concatenation of a request-supplied value. It is only a string
// at this point; isSafe($file_id) below runs before the first filesystem call shown (file_exists).
34 $file_id = $_GET['id'];
35 $file_path = JAPPIX_BASE.'/store/send/'.$file_id;
// Download name: the request-supplied `name` if present, otherwise the id.
// NOTE(review): the `else` between these two assignments (listing line 40) is not shown.
38 if(isset($_GET['name']) && !empty($_GET['name']))
39 $file_name = $_GET['name'];
41 $file_name = $file_id;
// Rejects the request with 406 when the helper does not accept the id.
// NOTE(review): isSafe() is not defined in this listing. Confirm it rejects path separators,
// '..' and NUL bytes, since it is the only visible guard keeping $file_path inside store/send.
44 if(!isSafe($file_id)) {
45 header('Status: 406 Not Acceptable', true, 406);
46 exit('HTTP/1.1 406 Not Acceptable');
49 // File does not exist
50 if(!file_exists($file_path)) {
51 header('Status: 404 Not Found', true, 404);
52 exit('HTTP/1.1 404 Not Found');
// Removal is requested through a GET parameter and answered with 204; the removal statement
// itself (listing lines 57-61) is not shown.
// NOTE(review): no authentication, ownership or anti-CSRF check is visible between the id
// check and this branch, so knowing the id appears to be sufficient to remove the file.
// Confirm that this is restricted elsewhere, or require a per-file removal token and a
// non-GET method.
56 if(isset($_GET['action']) && ($_GET['action'] == 'remove')) {
57 header('Status: 204 No Content', true, 204);
// Download response headers.
// $file_name comes from the request and is not passed through isSafe() in the lines shown.
// It is placed inside a quoted-string with no escaping, so a double quote in the name ends
// the filename value early. Current PHP versions reject line breaks in header() values, which
// covers header splitting but not this. Mitigation: strip or escape quotes, backslashes and
// control characters before building the header, or emit an RFC 6266 `filename*` value.
62 header("Content-disposition: attachment; filename=\"$file_name\"");
// 'application/force-download' is not a registered media type; 'application/octet-stream'
// is the standard choice. Sending 'X-Content-Type-Options: nosniff' alongside it keeps
// browsers from sniffing stored content as HTML.
63 header("Content-Type: application/force-download");
64 header("Content-Length: ".filesize($file_path));
65 header("Pragma: no-cache");
66 header("Cache-Control: must-revalidate, post-check=0, pre-check=0, public");
// NOTE(review): the statements that follow the headers (listing lines 67-72), presumably the
// file output and the end of this branch, are not shown.
// POST branch: stores an uploaded file under store/send and answers with an XML document
// that carries either an error code or the download URL.
// It requires an uploaded `file` plus the non-empty POST fields `id` and `location`.
// NOTE(review): no authentication or size/quota check is visible in the lines shown — confirm
// where those are enforced.
73 else if((isset($_FILES['file']) && !empty($_FILES['file'])) && (isset($_POST['id']) && !empty($_POST['id'])) && (isset($_POST['location']) && !empty($_POST['location']))) {
74 header('Content-Type: text/xml; charset=utf-8');
// tmp_name is the server-side temporary path; name is the client-supplied file name and
// must be treated as untrusted input.
77 $tmp_filename = $_FILES['file']['tmp_name'];
78 $filename = $_FILES['file']['name'];
// Base of the returned download URL: either the HOST_UPLOAD constant or the request-supplied
// `location`. The condition that picks one (listing lines 81 and 83) is not shown.
// NOTE(review): when the POST value is used, the URL handed back to the client starts with a
// caller-chosen string. It is escaped for XML further down but not validated as a URL here.
// Confirm that consumers of <url> check its scheme and host, or validate it against the
// configured host before use.
82 $location = HOST_UPLOAD;
84 $location = $_POST['location'];
86 // Get the file new name
// $ext comes from a helper that is not shown. $new_name is the file name without its last
// extension: the first '.+' is greedy, so '$2' keeps everything before the final dot. When
// the pattern does not match (for example, no dot in the name), preg_replace returns the
// name unchanged.
87 $ext = getFileExt($filename);
88 $new_name = preg_replace('/(^)(.+)(\.)(.+)($)/i', '$2', $filename);
// The stored name is sha1(upload second . client file name). Both inputs can be known or
// guessed, so the resulting id is not a secret, and two uploads of the same name within one
// second map to the same path (move_uploaded_file overwrites an existing destination).
// NOTE(review): the GET branch of this script shows no gate other than the id; consider
// deriving the stored name from a CSPRNG (e.g. bin2hex(random_bytes(...))) instead.
91 $name = sha1(time().$filename);
// The client-supplied extension is kept on disk.
// NOTE(review): isSafe() is not shown. Confirm that it rejects server-executable extensions,
// including double extensions, and that store/send is configured never to execute scripts.
92 $path = JAPPIX_BASE.'/store/send/'.$name.'.'.$ext;
// Both the original name and the final stored name must pass isSafe(); otherwise the response
// carries <error>forbidden-type</error>. The echoed POST id is escaped with htmlspecialchars.
// NOTE(review): the statement opening each XML string below (listing lines 96, 106 and 115)
// and the closing lines of each document are not shown.
95 if(!isSafe($filename) || !isSafe($name.'.'.$ext)) {
97 '<jappix xmlns=\'jappix:file:send\'>
98 <error>forbidden-type</error>
99 <id>'.htmlspecialchars($_POST['id']).'</id>
// is_uploaded_file() confirms the temporary path really is an HTTP upload before it is moved;
// a failure of either call yields <error>move-error</error>.
104 // File upload error?
105 if(!is_uploaded_file($tmp_filename) || !move_uploaded_file($tmp_filename, $path)) {
107 '<jappix xmlns=\'jappix:file:send\'>
108 <error>move-error</error>
109 <id>'.htmlspecialchars($_POST['id']).'</id>
// Success document: the download URL points back at php/send.php with the stored id and the
// original file name. Each query component is passed through urlencode() and the whole URL
// through htmlspecialchars() for the XML context.
114 // Return the path to the file
116 '<jappix xmlns=\'jappix:file:send\'>
117 <url>'.htmlspecialchars($location.'php/send.php?id='.urlencode($name).'.'.urlencode($ext).'&name='.urlencode($filename)).'</url>
118 <desc>'.htmlspecialchars($new_name).'</desc>
119 <id>'.htmlspecialchars($_POST['id']).'</id>
// Fallback: sets the response code to 400 and ends the script with a short text body.
// NOTE(review): the line that opens this branch (listing lines 124-125) is not shown;
// presumably it is the final else, reached when the request matches neither the GET nor
// the POST case.
126 header('Status: 400 Bad Request', true, 400);
127 exit('HTTP/1.1 400 Bad Request');