Only hash valid files, returns 404 when not found master
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Sun, 3 Dec 2017 18:04:07 +0000 (19:04 +0100)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Sun, 3 Dec 2017 18:04:07 +0000 (19:04 +0100)
webroot/squasher.class.php
webroot/squasher.php

index f59304e6b658f4638cc7d243fb1bead5660b6bf8..d83906f898ab6b0ce146892bad6b070efa49e8fc 100644 (file)
@@ -559,12 +559,14 @@ function read_single_file($path, $file) {
        if ($this->got_rights_array($path) > 0) {
                if (is_file($fsfilename.'.Completed'))
                        $ext='.Completed';
-               if (is_file($fsfilename.'.InProgress'))
+               elseif (is_file($fsfilename.'.InProgress'))
                        $ext='.InProgress';
-               if (is_file($fsfilename.'.Starting'))
+               elseif (is_file($fsfilename.'.Starting'))
                        $ext='.Starting';
-               if (is_file($fsfilename.'.Processed'))
+               elseif (is_file($fsfilename.'.Processed'))
                        $ext='.Processed';
+               else
+                       return false;
                $fsfilename .= $ext;
                $handle = @fopen($fsfilename, "rb");
                $sub_pos = strpos($file, $ext);
@@ -598,8 +600,10 @@ function read_single_file($path, $file) {
                        #$this->update_hash($h,$path."/".$config[$i][2]);
                        //check stats
                        $this->check_stats($h);
+                       return true;
                }
        }
+       return false;
 }
 
 
@@ -648,51 +652,51 @@ function read_directory($path, $getsubs=false, $getfirstfiles=true, $getdeepfile
                } elseif ($getfirstfiles) {
                        //squashed files
                        if ($this->got_rights_array($path) > 0) {
-                               if (strpos($filename, '.Completed') || strpos($filename, '.InProgress') || strpos($filename, '.Starting') || strpos($filename, '.Processed')) {
-                                       $i++;
-                                       $handle = @fopen($fsfilename, "rb");
-                                       if (strpos($file,'.Completed'))
-                                               $ext='.Completed';
-                                       if (strpos($file,'.InProgress'))
-                                               $ext='.InProgress';
-                                       if (strpos($file,'.Starting'))
-                                               $ext='.Starting';
-                                       if (strpos($file,'.Processed'))
-                                               $ext='.Processed';
-                                       $sub_pos = strpos($file, $ext);
-                                       $base_name = substr($file, 0, $sub_pos);
-                                       $filecontent = @fread($handle, @filesize($fsfilename));
-                                       $config[$i] = explode("\r\n", $filecontent);
-
-                                       /***
-                                       *       $config:: array
-                                       *       [0]     ->      versioncode
-                                       *       [1]     ->      date&time
-                                       *       [2]     ->      filename
-                                       *       [3]     ->      filesize
-                                       *       [4]     ->      chunksize
-                                       *       [5]     ->      chunkcount
-                                       *       [6]     ->      CRC32 checksum
-                                       ***/
-
-                                       if (@filesize($fsfilename) > 0) {
-                                               $h = md5($path."/".$config[$i][2]);
-                                               $this->configs[$h] = $config[$i];
-                                               $this->configs[$h]['squashed'] = true;
-                                               $this->configs[$h]['path'] = $path;
-                                               $this->configs[$h]['status'] = substr($ext, 1);
-                                               $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
-                                               $this->configs[$h]['hidden'] = is_file(SQUASHER_UPLOADS_DIR.$path.'/'.$base_name.'.hidden');
-                                               //to prevent dates of 1-1-1970 we set te dates of the config file
-                                               $this->configs[$h]['added'] = filectime($fsfilename);
-                                               $this->configs[$h]['lastchange'] = filemtime($fsfilename);
-                                               fclose($handle);
-                                               $this->populate_stats($path, $h);
-                                               //insert hash in db
-                                               $this->update_hash($h, $path."/".$config[$i][2]);
-                                               //check stats
-                                               $this->check_stats($h);
-                                       }
+                               if (strpos($file,'.Completed'))
+                                       $ext='.Completed';
+                               elseif (strpos($file,'.InProgress'))
+                                       $ext='.InProgress';
+                               elseif (strpos($file,'.Starting'))
+                                       $ext='.Starting';
+                               elseif (strpos($file,'.Processed'))
+                                       $ext='.Processed';
+                               else
+                                       continue;
+                               $i++;
+                               $handle = @fopen($fsfilename, "rb");
+                               $sub_pos = strpos($file, $ext);
+                               $base_name = substr($file, 0, $sub_pos);
+                               $filecontent = @fread($handle, @filesize($fsfilename));
+                               $config[$i] = explode("\r\n", $filecontent);
+
+                               /***
+                               *       $config:: array
+                               *       [0]     ->      versioncode
+                               *       [1]     ->      date&time
+                               *       [2]     ->      filename
+                               *       [3]     ->      filesize
+                               *       [4]     ->      chunksize
+                               *       [5]     ->      chunkcount
+                               *       [6]     ->      CRC32 checksum
+                               ***/
+
+                               if (@filesize($fsfilename) > 0) {
+                                       $h = md5($path."/".$config[$i][2]);
+                                       $this->configs[$h] = $config[$i];
+                                       $this->configs[$h]['squashed'] = true;
+                                       $this->configs[$h]['path'] = $path;
+                                       $this->configs[$h]['status'] = substr($ext, 1);
+                                       $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
+                                       $this->configs[$h]['hidden'] = is_file(SQUASHER_UPLOADS_DIR.$path.'/'.$base_name.'.hidden');
+                                       //to prevent dates of 1-1-1970 we set te dates of the config file
+                                       $this->configs[$h]['added'] = filectime($fsfilename);
+                                       $this->configs[$h]['lastchange'] = filemtime($fsfilename);
+                                       fclose($handle);
+                                       $this->populate_stats($path, $h);
+                                       //insert hash in db
+                                       $this->update_hash($h, $path."/".$config[$i][2]);
+                                       //check stats
+                                       $this->check_stats($h);
                                }
                        }
                }
index ad61604d15846803ce477803fab75d91ff0d2119..15740d6523bbb1991d4828e1085615605c11856a 100644 (file)
@@ -44,7 +44,11 @@ if (@$_GET['f']) {
        $_hpath_arr=explode("/", $f_o->file);
        $file=array_pop($_hpath_arr); //Remove filename
        $path=implode("/", $_hpath_arr);
-       $squashweb->read_single_file($path, $file);
+       if (!$squashweb->read_single_file($path, $file)) {
+               header('HTTP/1.0 404 Not found');
+               echo('<h1>No file with that hash</h1>');
+               exit();
+       }
        #$squashweb->read_directory($path, false, true, false, false);
 } else {
        //parse folders for readable files