Modified the way that lainsafe stores files
Now it creates a directory for the new file, with a random name, and and stores the file with the original filename in there, so .tar.gz issue is fixed.
This commit is contained in:
qorg11
parent
bdc0246971
commit
ffd96c69cc
1 changed files with 33 additions and 41 deletions
|
|
@ -23,70 +23,62 @@ my $filename = $q->param('file');
|
|||
|
||||
my $upload_dir = "files/";
|
||||
print $q->header();
|
||||
|
||||
$size = $ENV{CONTENT_LENGTH};
|
||||
|
||||
# Configuration
|
||||
|
||||
our $MAX_SIZE = 1024*1024*100; # Change for your size
|
||||
our $MAX_SIZE = 1024*1024*100; # Change for your size
|
||||
our $MAX_SIZE_MB = $MAX_SIZE / 1024 / 1024; # Don't change this
|
||||
our @not_allowed_extensions = qw(sh out exe);
|
||||
|
||||
if($filename eq "" || $ENV{REQUEST_METHOD} eq "GET")
|
||||
{
|
||||
print("What are you looking for?");
|
||||
exit;
|
||||
if ($filename eq "" || $ENV{REQUEST_METHOD} eq "GET") {
|
||||
print("What are you looking for?");
|
||||
exit;
|
||||
}
|
||||
|
||||
if($size > $MAX_SIZE)
|
||||
{
|
||||
print("Max size for a file is $MAX_SIZE_MB MBs");
|
||||
exit;
|
||||
if ($size > $MAX_SIZE) {
|
||||
print("Max size for a file is $MAX_SIZE_MB MBs");
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
my @chars = ("A"..."z","a"..."z");
|
||||
my $dirname;
|
||||
my $extension = $filename;
|
||||
$extension =~ s/.*\.//; # tar.gz sucks with this
|
||||
$extension = "notcgi" if $extension eq "cgi";
|
||||
# Get unix time in miliseconds
|
||||
my $string;
|
||||
$string = gettimeofday; # perl, what?
|
||||
$string =~ s/\.//g;
|
||||
|
||||
$dirname .= $chars[rand @chars] for 1..8;
|
||||
$extension =~ s/.*\.//;
|
||||
$filename .= ".notcgi" if $extension eq "cgi";
|
||||
|
||||
mkdir("$upload_dir/$dirname");
|
||||
my $upload_filehandle = $q->upload("file");
|
||||
|
||||
# onion urls will be http
|
||||
my $prot = length $ENV{HTTPS} ? "https" : "http";
|
||||
|
||||
|
||||
$filename = $string . "." . $extension;
|
||||
my $allowed_extension = 1;
|
||||
|
||||
foreach(@not_allowed_extensions)
|
||||
{
|
||||
if($filename =~ /\.$_$/i)
|
||||
{
|
||||
$allowed_extension = 0;
|
||||
last;
|
||||
}
|
||||
foreach (@not_allowed_extensions) {
|
||||
if ($filename =~ /\.$_$/i) {
|
||||
$allowed_extension = 0;
|
||||
last;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if($allowed_extension)
|
||||
{
|
||||
if ($allowed_extension) {
|
||||
|
||||
open(FILE,">$upload_dir/$filename");
|
||||
binmode(FILE);
|
||||
open(FILE,">$upload_dir/$dirname/$filename");
|
||||
binmode(FILE);
|
||||
|
||||
while(<$upload_filehandle>)
|
||||
{
|
||||
print FILE;
|
||||
}
|
||||
while (<$upload_filehandle>) {
|
||||
print FILE;
|
||||
}
|
||||
|
||||
close FILE;
|
||||
close FILE;
|
||||
|
||||
print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$filename";
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
print "The file extension .$extension is not allowed in this instance.";
|
||||
print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$dirname/$filename";
|
||||
} else {
|
||||
print "The file extension .$extension is not allowed in this instance.";
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue