svragv/sakisafe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sakisafe/http/upload.cgi
qorg11 ffd96c69cc
Modified the way that lainsafe stores files 
Now it creates a directory for the new file, with a random name, and
and stores the file with the original filename in there, so .tar.gz
issue is fixed.
2021-01-30 22:25:07 +01:00

84 lines
2 KiB
Perl
Executable file
Raw Blame History

#!/usr/bin/perl
# This file is part of lainsafe.
# lainsafe is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# lainsafe is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with lainsafe. If not, see <https://www.gnu.org/licenses/>.
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use Time::HiRes qw(gettimeofday);
my $q = CGI->new;
my $filename = $q->param('file');
my $upload_dir = "files/";
print $q->header();
$size = $ENV{CONTENT_LENGTH};
# Configuration
our $MAX_SIZE = 1024*1024*100; # Change for your size
our $MAX_SIZE_MB = $MAX_SIZE / 1024 / 1024; # Don't change this
our @not_allowed_extensions = qw(sh out exe);
if ($filename eq "" || $ENV{REQUEST_METHOD} eq "GET") {
print("What are you looking for?");
exit;
}
if ($size > $MAX_SIZE) {
print("Max size for a file is $MAX_SIZE_MB MBs");
exit;
}
my @chars = ("A"..."z","a"..."z");
my $dirname;
my $extension = $filename;
$dirname .= $chars[rand @chars] for 1..8;
$extension =~ s/.*\.//;
$filename .= ".notcgi" if $extension eq "cgi";
mkdir("$upload_dir/$dirname");
my $upload_filehandle = $q->upload("file");
# onion urls will be http
my $prot = length $ENV{HTTPS} ? "https" : "http";
my $allowed_extension = 1;
foreach (@not_allowed_extensions) {
if ($filename =~ /\.$_$/i) {
$allowed_extension = 0;
last;
}
}
if ($allowed_extension) {
open(FILE,">$upload_dir/$dirname/$filename");
binmode(FILE);
while (<$upload_filehandle>) {
print FILE;
}
close FILE;
print $prot. "://" . $ENV{HTTP_HOST} . "/$upload_dir$dirname/$filename";
} else {
print "The file extension .$extension is not allowed in this instance.";
}
Reference in a new issue View git blame Copy permalink