@@ -74,7 +74,7 @@ discard block |
||
| 74 | 74 | ) { |
| 75 | 75 | // Not allowed page |
| 76 | 76 | $session->set('system-error_code', ERR_NOT_ALLOWED); |
| 77 | - include $SETTINGS['cpassman_dir'] . '/error.php'; |
|
| 77 | + include $SETTINGS['cpassman_dir'].'/error.php'; |
|
| 78 | 78 | exit; |
| 79 | 79 | } |
| 80 | 80 | |
@@ -107,7 +107,7 @@ discard block |
||
| 107 | 107 | $post_isNewItem = $request->request->filter('isNewItem', null, FILTER_SANITIZE_NUMBER_INT); |
| 108 | 108 | $post_randomId = $request->request->filter('randomId', null, FILTER_SANITIZE_NUMBER_INT); |
| 109 | 109 | $post_isPersonal = $request->request->filter('isPersonal', null, FILTER_SANITIZE_NUMBER_INT); |
| 110 | -$post_fileSize= $request->request->filter('file_size', null, FILTER_SANITIZE_NUMBER_INT); |
|
| 110 | +$post_fileSize = $request->request->filter('file_size', null, FILTER_SANITIZE_NUMBER_INT); |
|
| 111 | 111 | $chunk = $request->request->filter('chunk', 0, FILTER_SANITIZE_NUMBER_INT); |
| 112 | 112 | $chunks = $request->request->filter('chunks', 0, FILTER_SANITIZE_NUMBER_INT); |
| 113 | 113 | $fileName = $request->request->filter('name', '', FILTER_SANITIZE_FULL_SPECIAL_CHARS); |
@@ -122,10 +122,10 @@ discard block |
||
| 122 | 122 | $unit = strtoupper(substr(trim($POST_MAX_SIZE), -1)); // Assurez-vous de bien gérer les espaces éventuels |
| 123 | 123 | $units = ['G' => 1073741824, 'M' => 1048576, 'K' => 1024]; |
| 124 | 124 | $multiplier = $units[$unit] ?? 1; // Vérifie si l'unité est dans le tableau, sinon 1 |
| 125 | - $maxSize = (int)$POST_MAX_SIZE * $multiplier; |
|
| 125 | + $maxSize = (int) $POST_MAX_SIZE * $multiplier; |
|
| 126 | 126 | |
| 127 | 127 | // CHeck if the POST is too big |
| 128 | - if (!empty($_SERVER['CONTENT_LENGTH']) && (int)$_SERVER['CONTENT_LENGTH'] > $maxSize && $maxSize > 0) { |
|
| 128 | + if (!empty($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > $maxSize && $maxSize > 0) { |
|
| 129 | 129 | handleAttachmentError('POST exceeded maximum allowed size.', 111, 413); |
| 130 | 130 | } |
| 131 | 131 | |
@@ -134,7 +134,7 @@ discard block |
||
| 134 | 134 | handleAttachmentError('File exceeds the maximum allowed size', 120, 413); |
| 135 | 135 | die(); |
| 136 | 136 | } |
| 137 | - if (WIP === true) error_log('POST_MAX_SIZE: ' . $POST_MAX_SIZE." - CONTENT_LENGTH: ".$_SERVER['CONTENT_LENGTH']." - UNIT: ".$unit." - MAX: ".$maxSize." - MULTIPLIER: ".$multiplier." - FILE_SIZE: ".$post_fileSize); |
|
| 137 | + if (WIP === true) error_log('POST_MAX_SIZE: '.$POST_MAX_SIZE." - CONTENT_LENGTH: ".$_SERVER['CONTENT_LENGTH']." - UNIT: ".$unit." - MAX: ".$maxSize." - MULTIPLIER: ".$multiplier." - FILE_SIZE: ".$post_fileSize); |
|
| 138 | 138 | |
| 139 | 139 | // delete expired tokens |
| 140 | 140 | DB::delete(prefixTable('tokens'), 'end_timestamp < %i', time()); |
@@ -185,7 +185,7 @@ discard block |
||
| 185 | 185 | // check if token is expired |
| 186 | 186 | $data = DB::queryFirstRow( |
| 187 | 187 | 'SELECT end_timestamp |
| 188 | - FROM ' . prefixTable('tokens') . ' |
|
| 188 | + FROM ' . prefixTable('tokens').' |
|
| 189 | 189 | WHERE user_id = %i AND token = %s', |
| 190 | 190 | $session->get('user-id'), |
| 191 | 191 | $post_user_token |
@@ -218,7 +218,7 @@ discard block |
||
| 218 | 218 | |
| 219 | 219 | // HTTP headers for no cache etc |
| 220 | 220 | header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); |
| 221 | -header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); |
|
| 221 | +header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT'); |
|
| 222 | 222 | header('Cache-Control: no-store, no-cache, must-revalidate'); |
| 223 | 223 | header('Cache-Control: post-check=0, pre-check=0', false); |
| 224 | 224 | |
@@ -256,7 +256,7 @@ discard block |
||
| 256 | 256 | // Validate file name (for our purposes we'll just remove invalid characters) |
| 257 | 257 | $file_name = preg_replace('[^A-Za-z0-9]', '', strtolower(basename($_FILES['file']['name']))); |
| 258 | 258 | if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) { |
| 259 | - handleAttachmentError('Invalid file name: ' . $file_name . '.', 114); |
|
| 259 | + handleAttachmentError('Invalid file name: '.$file_name.'.', 114); |
|
| 260 | 260 | } |
| 261 | 261 | |
| 262 | 262 | // Validate file extension |
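Review bot: The pattern on new line 257, `'[^A-Za-z0-9]'`, has no delimiters of its own, so PCRE treats `[` and `]` as the delimiter pair and the expression becomes `^A-Za-z0-9`. That matches only the literal text at the start of the name, so the "remove invalid characters" step removes nothing and the length test on line 258 sees the raw basename. Writing it as `preg_replace('/[^A-Za-z0-9]/', '', ...)` gives the intended character class. That class also strips the dot, so check how `$file_name` is used after line 262 (outside this hunk) before changing it.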
@@ -266,8 +266,8 @@ discard block |
||
| 266 | 266 | $ext, |
| 267 | 267 | explode( |
| 268 | 268 | ',', |
| 269 | - $SETTINGS['upload_docext'] . ',' . $SETTINGS['upload_imagesext'] . |
|
| 270 | - ',' . $SETTINGS['upload_pkgext'] . ',' . $SETTINGS['upload_otherext'] |
|
| 269 | + $SETTINGS['upload_docext'].','.$SETTINGS['upload_imagesext']. |
|
| 270 | + ','.$SETTINGS['upload_pkgext'].','.$SETTINGS['upload_otherext'] |
|
| 271 | 271 | ) |
| 272 | 272 | ) === false |
| 273 | 273 | ) { |
@@ -279,24 +279,24 @@ discard block |
||
| 279 | 279 | |
| 280 | 280 | // Clean the fileName for security reasons |
| 281 | 281 | $fileInfo = pathinfo($fileName); |
| 282 | -$fileName = base64_encode($fileInfo['filename']) . '.' . $fileInfo['extension']; |
|
| 282 | +$fileName = base64_encode($fileInfo['filename']).'.'.$fileInfo['extension']; |
|
| 283 | 283 | $fileFullSize = 0; |
| 284 | 284 | |
| 285 | 285 | // Make sure the fileName is unique but only if chunking is disabled |
| 286 | -if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) { |
|
| 286 | +if ($chunks < 2 && file_exists($targetDir.DIRECTORY_SEPARATOR.$fileName)) { |
|
| 287 | 287 | $ext = strrpos($fileName, '.'); |
| 288 | 288 | $fileNameA = substr($fileName, 0, $ext); |
| 289 | 289 | $fileNameB = substr($fileName, $ext); |
| 290 | 290 | |
| 291 | 291 | $count = 1; |
| 292 | - while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileNameA . '_' . $count . $fileNameB)) { |
|
| 292 | + while (file_exists($targetDir.DIRECTORY_SEPARATOR.$fileNameA.'_'.$count.$fileNameB)) { |
|
| 293 | 293 | ++$count; |
| 294 | 294 | } |
| 295 | 295 | |
| 296 | - $fileName = $fileNameA . '_' . $count . $fileNameB; |
|
| 296 | + $fileName = $fileNameA.'_'.$count.$fileNameB; |
|
| 297 | 297 | } |
| 298 | 298 | |
| 299 | -$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName; |
|
| 299 | +$filePath = $targetDir.DIRECTORY_SEPARATOR.$fileName; |
|
| 300 | 300 | |
| 301 | 301 | // Create target dir |
| 302 | 302 | if (file_exists($targetDir) === false) { |
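Review bot: `base64_encode($fileInfo['filename'])` on new line 282 can emit `/` and `+`, and the result is joined straight into `$filePath` on line 299, so an encoded name containing `/` is read as a directory component under `$targetDir`. A filesystem-safe alphabet avoids this, e.g. `strtr(base64_encode($fileInfo['filename']), '+/', '-_')`, with the reverse mapping applied wherever the stored name is decoded. `$fileInfo['extension']` is also read without checking that `pathinfo()` returned one, which it does not for a name without a dot; a guard such as `$fileInfo['extension'] ?? ''` followed by an explicit rejection would make that case deliberate.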
@@ -310,7 +310,7 @@ discard block |
||
| 310 | 310 | // Remove old temp files |
| 311 | 311 | if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) { |
| 312 | 312 | while (($file = readdir($dir)) !== false) { |
| 313 | - $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file; |
|
| 313 | + $tmpfilePath = $targetDir.DIRECTORY_SEPARATOR.$file; |
|
| 314 | 314 | |
| 315 | 315 | // Remove temp file if it is older than the max age and is not the current file |
| 316 | 316 | if ( |
@@ -412,7 +412,7 @@ discard block |
||
| 412 | 412 | prefixTable('files'), |
| 413 | 413 | array( |
| 414 | 414 | 'id_item' => $post_itemId, |
| 415 | - 'name' => 'b64:' . $fileName, // add "b64:" prefix to indicate that the file name is base64 encoded |
|
| 415 | + 'name' => 'b64:'.$fileName, // add "b64:" prefix to indicate that the file name is base64 encoded |
|
| 416 | 416 | 'size' => $post_fileSize, |
| 417 | 417 | 'extension' => $fileInfo['extension'], |
| 418 | 418 | 'type' => $_FILES['file']['type'], |
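Review bot: The row inserted here records `'size' => $post_fileSize` and `'type' => $_FILES['file']['type']`, and both values are declared by the client (`file_size` is read from the request on line 110) rather than measured on the server. If the size limit checked near line 133 uses the same request field (its condition is outside the visible hunks), understating `file_size` would bypass it. Prefer a size taken from the assembled file on disk and a MIME type from `finfo_file()`, keeping the client values only as display hints. The `array(` being filled starts and ends outside this hunk.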
@@ -429,8 +429,8 @@ discard block |
||
| 429 | 429 | // This is a public object |
| 430 | 430 | $users = DB::query( |
| 431 | 431 | 'SELECT id, public_key |
| 432 | - FROM ' . prefixTable('users') . ' |
|
| 433 | - WHERE id NOT IN ("' . OTV_USER_ID . '","' . SSH_USER_ID . '","' . API_USER_ID . '") |
|
| 432 | + FROM ' . prefixTable('users').' |
|
| 433 | + WHERE id NOT IN ("' . OTV_USER_ID.'","'.SSH_USER_ID.'","'.API_USER_ID.'") |
|
| 434 | 434 | AND public_key != ""' |
| 435 | 435 | ); |
| 436 | 436 | foreach ($users as $user) { |
@@ -464,14 +464,14 @@ discard block |
||
| 464 | 464 | 'date' => time(), |
| 465 | 465 | 'id_user' => $session->get('user-id'), |
| 466 | 466 | 'action' => 'at_modification', |
| 467 | - 'raison' => 'at_add_file : ' . $fileName . ':' . $newID, |
|
| 467 | + 'raison' => 'at_add_file : '.$fileName.':'.$newID, |
|
| 468 | 468 | ) |
| 469 | 469 | ); |
| 470 | 470 | } |
| 471 | 471 | } |
| 472 | 472 | |
| 473 | 473 | // Return JSON-RPC response |
| 474 | -die('{"jsonrpc" : "2.0", "result" : null, "id" : "' . $newID . '"}'); |
|
| 474 | +die('{"jsonrpc" : "2.0", "result" : null, "id" : "'.$newID.'"}'); |
|
| 475 | 475 | |
| 476 | 476 | /** |
| 477 | 477 | * Handle errors and kill script. |
@@ -76,7 +76,7 @@ discard block |
||
| 76 | 76 | ) { |
| 77 | 77 | // Not allowed page |
| 78 | 78 | $session->set('system-error_code', ERR_NOT_ALLOWED); |
| 79 | - include $SETTINGS['cpassman_dir'] . '/error.php'; |
|
| 79 | + include $SETTINGS['cpassman_dir'].'/error.php'; |
|
| 80 | 80 | exit; |
| 81 | 81 | } |
| 82 | 82 | |
@@ -118,19 +118,19 @@ discard block |
||
| 118 | 118 | $get_filename = str_replace('"', '\"', $get_filename); |
| 119 | 119 | |
| 120 | 120 | // Use Content-Disposition header with double quotes around filename |
| 121 | -header('Content-Disposition: attachment; filename="' . rawurldecode($get_filename) . '"'); |
|
| 121 | +header('Content-Disposition: attachment; filename="'.rawurldecode($get_filename).'"'); |
|
| 122 | 122 | header('Content-Type: application/octet-stream'); |
| 123 | 123 | header('Cache-Control: must-revalidate, no-cache, no-store'); |
| 124 | 124 | header('Expires: 0'); |
| 125 | 125 | if (null !== $request->query->get('pathIsFiles') && (int) $get_pathIsFiles === 1) { |
| 126 | - readfile($SETTINGS['path_to_files_folder'] . '/' . basename($get_filename)); |
|
| 126 | + readfile($SETTINGS['path_to_files_folder'].'/'.basename($get_filename)); |
|
| 127 | 127 | } else { |
| 128 | 128 | // get file key |
| 129 | 129 | $file_info = DB::queryFirstRow( |
| 130 | 130 | 'SELECT f.id AS id, f.file AS file, f.name AS name, f.status AS status, f.extension AS extension, |
| 131 | 131 | s.share_key AS share_key |
| 132 | - FROM ' . prefixTable('files') . ' AS f |
|
| 133 | - INNER JOIN ' . prefixTable('sharekeys_files') . ' AS s ON (f.id = s.object_id) |
|
| 132 | + FROM ' . prefixTable('files').' AS f |
|
| 133 | + INNER JOIN ' . prefixTable('sharekeys_files').' AS s ON (f.id = s.object_id) |
|
| 134 | 134 | WHERE s.user_id = %i AND s.object_id = %i', |
| 135 | 135 | $session->get('user-id'), |
| 136 | 136 | $get_fileid |
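Review bot: On new line 121 the quote escaping from line 118 runs before `rawurldecode()`, so a percent-encoded `"` in `$get_filename` is decoded after the escape and lands unescaped inside the quoted `filename` parameter. Decode first and sanitise the decoded value, for example `$safeName = str_replace(['"', '\\', "\r", "\n"], '', basename(rawurldecode($get_filename)));`, and use `$safeName` in the header. The `pathIsFiles` branch on line 126 serves `basename($get_filename)` from `path_to_files_folder` on the strength of a query parameter alone, with no per-user check visible in this hunk; confirm that the checks above line 118 cover it. The `else` branch continues past the end of the hunk.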
@@ -149,7 +149,7 @@ discard block |
||
| 149 | 149 | // if not encrypted |
| 150 | 150 | $file_info = DB::queryFirstRow( |
| 151 | 151 | 'SELECT f.id AS id, f.file AS file, f.name AS name, f.status AS status, f.extension AS extension |
| 152 | - FROM ' . prefixTable('files') . ' AS f |
|
| 152 | + FROM ' . prefixTable('files').' AS f |
|
| 153 | 153 | WHERE f.id = %i', |
| 154 | 154 | $get_fileid |
| 155 | 155 | ); |
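Review bot: The unencrypted branch on new lines 150-155 looks the file up with `WHERE f.id = %i` alone, whereas the encrypted lookup at lines 129-136 joins `sharekeys_files` on `s.user_id`. Nothing in this hunk ties `$get_fileid` to the session user or to an item that user may read. Unless that is enforced earlier in the script (not visible here), add an access check on the owning item before the row is used to serve a file. The surrounding `if`/`else` starts outside the hunk.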
@@ -157,28 +157,28 @@ discard block |
||
| 157 | 157 | } |
| 158 | 158 | |
| 159 | 159 | // Set the filename of the download |
| 160 | - $filename = str_replace('b64:','', $file_info['name']); |
|
| 160 | + $filename = str_replace('b64:', '', $file_info['name']); |
|
| 161 | 161 | $filename = basename($filename, '.'.$file_info['extension']); |
| 162 | 162 | $filename = isBase64($filename) === true ? base64_decode($filename) : $filename; |
| 163 | - $filename = $filename . '.' . $file_info['extension']; |
|
| 163 | + $filename = $filename.'.'.$file_info['extension']; |
|
| 164 | 164 | // Get the full path to the file to be downloaded |
| 165 | - if (file_exists($SETTINGS['path_to_upload_folder'] . '/' .TP_FILE_PREFIX . $file_info['file'])) { |
|
| 166 | - $filePath = $SETTINGS['path_to_upload_folder'] . '/' . TP_FILE_PREFIX . $file_info['file']; |
|
| 165 | + if (file_exists($SETTINGS['path_to_upload_folder'].'/'.TP_FILE_PREFIX.$file_info['file'])) { |
|
| 166 | + $filePath = $SETTINGS['path_to_upload_folder'].'/'.TP_FILE_PREFIX.$file_info['file']; |
|
| 167 | 167 | } else { |
| 168 | - $filePath = $SETTINGS['path_to_upload_folder'] . '/' . TP_FILE_PREFIX . base64_decode($file_info['file']); |
|
| 168 | + $filePath = $SETTINGS['path_to_upload_folder'].'/'.TP_FILE_PREFIX.base64_decode($file_info['file']); |
|
| 169 | 169 | } |
| 170 | 170 | $filePath = realpath($filePath); |
| 171 | 171 | |
| 172 | - if (WIP === true) error_log('downloadFile.php: filePath: ' . $filePath." - "); |
|
| 172 | + if (WIP === true) error_log('downloadFile.php: filePath: '.$filePath." - "); |
|
| 173 | 173 | |
| 174 | 174 | if ($filePath && is_readable($filePath) && strpos($filePath, realpath($SETTINGS['path_to_upload_folder'])) === 0) { |
| 175 | 175 | header('Content-Description: File Transfer'); |
| 176 | 176 | header('Content-Type: application/octet-stream'); |
| 177 | - header('Content-Disposition: attachment; filename="' . basename($filename) . '"'); |
|
| 177 | + header('Content-Disposition: attachment; filename="'.basename($filename).'"'); |
|
| 178 | 178 | header('Expires: 0'); |
| 179 | 179 | header('Cache-Control: must-revalidate'); |
| 180 | 180 | header('Pragma: public'); |
| 181 | - header('Content-Length: ' . filesize($filePath)); |
|
| 181 | + header('Content-Length: '.filesize($filePath)); |
|
| 182 | 182 | flush(); // Clear system output buffer |
| 183 | 183 | if (empty($fileContent) === true) { |
| 184 | 184 | // deepcode ignore PT: File and path are secured directly inside the function decryptFile() |
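Review bot: The containment test on new line 174, `strpos($filePath, realpath($SETTINGS['path_to_upload_folder'])) === 0`, is a bare string-prefix match, so a resolved path in a sibling directory whose name merely begins with the upload folder's name also passes. Resolve the base once, reject when it is `false`, and compare with a trailing separator: `$baseDir = realpath($SETTINGS['path_to_upload_folder']);` then `$baseDir !== false && strpos($filePath, $baseDir . DIRECTORY_SEPARATOR) === 0`. The check matters because line 168 builds the path from `base64_decode($file_info['file'])`, a database value. The body of this `if` continues outside the hunk.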