/upload.php
PHP | 220 lines | 199 code | 16 blank | 5 comment | 40 complexity | 55775af7dd08814fa31df40fc3bf8f3f MD5 | raw file
- <?php
-
- require_once('rl_init.php');
- ignore_user_abort(true);
-
- login_check();
-
- include(CLASS_DIR.'http.php');
-
- if(!defined('CRLF')) define('CRLF',"\r\n");
- $_REQUEST['filename']= base64_decode($_REQUEST['filename']);
-
- // Check if requested upload file is within our $options['download_dir']
- // We put basename() because we are quite sure that no one is able to upload things besides the download directory normally
- // htmlentities() prevents XSS attacks
- $_REQUEST['filename'] = htmlentities($options['download_dir'].basename($_REQUEST['filename']));
- $_REQUEST['uploaded'] = htmlentities(trim($_REQUEST['uploaded']));
- // We want to check if the selected upload service is a valid ones
- $d = opendir ( HOST_DIR . "upload/" );
- while ( false !== ($modules = readdir ( $d )) ) {
- if ($modules != "." && $modules != "..") {
- if (is_file ( HOST_DIR . "upload/" . $modules )) {
- if (strpos ( $modules, ".index.php" ))
- include_once (HOST_DIR . "upload/" . $modules);
- }
- }
- }
- if (!in_array($_REQUEST['uploaded'],$upload_services) || !$_REQUEST['uploaded'] || !$_REQUEST['filename']) {
- html_error(lang(46));
- }
-
- $page_title = sprintf(lang(63),basename($_REQUEST['filename']),$_REQUEST['uploaded']);
- require(TEMPLATE_DIR.'/header.php');
-
- if (!file_exists($_REQUEST['filename'])) html_error(sprintf(lang(64),$_REQUEST['filename']));
-
- if (is_readable($_REQUEST['filename'])){
- $lfile = $_REQUEST['filename'];
- $lname = basename($lfile);
- } else html_error(sprintf(lang(65), $filename));
-
- $_GET['proxy'] = isset($_GET['proxy']) ? $_GET['proxy'] : ''; // EDIT HERE
-
- if (isset($_REQUEST['useuproxy']) && (empty($_REQUEST['uproxy']) || !strstr($_REQUEST['uproxy'], ':'))) {
- html_error(lang(324));
- } else {
- $proxy = $_REQUEST['uproxy'];
- }
-
- if (!empty($_REQUEST['upauth'])) {
- $pauth = $_REQUEST['upauth'];
- } else {
- $pauth = (!empty($_REQUEST['uproxyuser']) && !empty($_REQUEST['uproxypass'])) ? base64_encode($_REQUEST['uproxyuser'] . ':' . $_REQUEST['uproxypass']) : '';
- }
-
- $fsize = getSize($lfile);
-
- echo '<script type="text/javascript">var orlink="' . basename($_REQUEST['filename']) . ' to ' . $_REQUEST['uploaded'] . '";</script>';
-
- if (file_exists("hosts/upload/".$_REQUEST['uploaded'].".php")){
- include_once("hosts/upload/".$_REQUEST['uploaded'].".index.php");
- if ($max_file_size[$_REQUEST['uploaded']]!=false)
- if ($fsize > $max_file_size[$_REQUEST['uploaded']]*1024*1024)
- html_error(lang(66));
- include_once("hosts/upload/".$page_upload[$_REQUEST['uploaded']]);
- }
- else html_error(lang(67));
-
- if (!empty($download_link) || !empty($delete_link) || !empty($stat_link) || !empty($adm_link)) {
- echo "\n<table width=100% border=0>";
- echo (!empty($download_link) ? '<tr><td width="100" nowrap="nowrap" align="right"><b>' . lang(68) . ':</b><td width="80%"><input value="' . htmlspecialchars($download_link, ENT_QUOTES) . '" class="upstyles-dllink" readonly="readonly" /></tr>' : '');
- echo (!empty($delete_link) ? '<tr><td width="100" nowrap="nowrap" align="right">' . lang(69) . ':<td width="80%"><input value="' . htmlspecialchars($delete_link, ENT_QUOTES) . '" class="upstyles-dellink" readonly="readonly" /></tr>' : '');
- echo (!empty($stat_link) ? '<tr><td width="100" nowrap="nowrap" align="right">' . lang(70) . ':<td width="80%"><input value="' . htmlspecialchars($stat_link, ENT_QUOTES) . '" class="upstyles-statlink" readonly="readonly" /></tr>' : '');
- echo (!empty($adm_link) ? '<tr><td width="100" nowrap="nowrap" align="right">' . lang(71) . ':<td width="80%"><input value="' . htmlspecialchars($adm_link, ENT_QUOTES) . '" class="upstyles-admlink" readonly="readonly" /></tr>': '');
- echo (!empty($user_id) ? '<tr><td width="100" nowrap="nowrap" align="right">' . lang(72) . ':<td width="80%"><input value="' . htmlspecialchars($user_id, ENT_QUOTES) . '" class="upstyles-userid" readonly="readonly" /></tr>': '');
- echo (!empty($ftp_uplink) ? '<tr><td width="100" nowrap="nowrap" align="right">' . lang(73) . ':<td width="80%"><input value="' . htmlspecialchars($ftp_uplink, ENT_QUOTES) . '" class="upstyles-ftpuplink" readonly="readonly" /></tr>': '');
- echo (!empty($access_pass) ? '<tr><td width="100" nowrap="nowrap" align="right">' . lang(74) . ':<td width="80%"><input value="' . htmlspecialchars($access_pass, ENT_QUOTES) . '" class="upstyles-accesspass" readonly="readonly" /></tr>': '');
- echo "</table>\n";
-
- if (!file_exists(trim($lfile).".upload.html") && !isset($_GET['auul']) && !$options['upload_html_disable']) {
- $html_header = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <title>'.lang(75).'</title>
- <style type="text/css">
- body {
- font-family: tahoma, arial, "times New Roman", georgia, verdana, sans-serif;
- font-size: 11px;
- color: #333333;
- background-color: #EFF0F4;
- margin: 0px;
- padding: 0px;
- }
- .linktitle {
- width: 576px;
- background-color: #C291F9;
- text-align: center;
- padding:3px;
- margin-top: 25px;
- margin-right: auto;
- margin-bottom: 0;
- margin-left: auto;
- border-top-width: 1px;
- border-right-width: 1px;
- border-bottom-width: 0px;
- border-left-width: 1px;
- border-top-style: solid;
- border-right-style: solid;
- border-bottom-style: solid;
- border-left-style: solid;
- border-top-color: #C7C4FB;
- border-right-color: #C7C4FB;
- border-bottom-color: #C7C4FB;
- border-left-color: #C7C4FB;
- }
- .bluefont {
- color: #0E078F;
- font-family: tahoma, arial, "times New Roman", georgia, verdana, sans-serif;
- font-size: 11px;
- }
- hr {
- border-top-width: 0px;
- border-right-width: 0px;
- border-bottom-width: 0px;
- border-left-width: 0px;
- border-top-style: solid;
- height: 1px;
- background-color: #046FC6;
- color: #046FC6;
- border-right-style: solid;
- border-bottom-style: solid;
- border-left-style: solid;
- width: 90%;
- }
- .host .links {
- width: 95%;
- margin:0 auto;
- text-align:left;
- padding:3px 0 3px 10px;
- border: 1px dashed #666666;
- background-color: #F2F1FE;
- }
- .host {
- width: 600px;
- margin: 10px auto 10px;
- }
- .host .links a {
- text-decoration:none;
- color: #666666;
- font-size: 11px;
- }
- .host .links a:hover {
- text-decoration:none;
- color:#E8740B
- }
- .host .title {
- width: 95%;
- margin:0 auto;
- text-align:left;
- padding:3px 0 3px 10px;
- background-color: #C7C4FB;
- color: #000000;
- border-top-width: 1px;
- border-right-width: 1px;
- border-bottom-width: 0px;
- border-left-width: 1px;
- border-top-style: dashed;
- border-right-style: dashed;
- border-bottom-style: dashed;
- border-left-style: dashed;
- border-top-color: #333333;
- border-right-color: #333333;
- border-bottom-color: #333333;
- border-left-color: #333333;
- font-size: 12px;
- font-family: Georgia, "Times New Roman", Times, serif;
- }
- </style>
- </head>
- <body>';
- write_file(trim($lfile).".upload.html", $html_header.sprintf(lang(76),$lname,bytesToKbOrMb($fsize)), 0);
- if (!$options['upload_html_disable']) {
- $html_content = '<div class="host"><div class="title"><strong>'.$_REQUEST['uploaded'].'</strong> - <span class="bluefont">'.date("Y-m-d H:i:s").'</span></div>
- <div class="links">'.
- (!empty($download_link) ? '<strong>'.lang(68).': <a href="'.htmlspecialchars($download_link).'" target="_blank">'.htmlspecialchars($download_link).' </a></strong>' : '').
- (!empty($delete_link) ? '<br />'.lang(69).': <a href="'.htmlspecialchars($delete_link).'" target="_blank">'.htmlspecialchars($delete_link).' </a>' : '').
- (!empty($stat_link) ? '<br />'.lang(70).': <a href="'.htmlspecialchars($stat_link).'" target="_blank">'.htmlspecialchars($stat_link).' </a>' : '').
- (!empty($adm_link) ? '<br />'.lang(71).': <a href="'.htmlspecialchars($adm_link).'" target="_blank">'.htmlspecialchars($adm_link).' </a>' : '').
- (!empty($user_id) ? '<br />'.lang(72).': <a href="'.htmlspecialchars($user_id).'" target="_blank">'.htmlspecialchars($user_id).' </a>' : '').
- (!empty($access_pass) ? '<br />'.lang(74).': <a href="'.htmlspecialchars($access_pass).'" target="_blank">'.htmlspecialchars($access_pass).' </a>' : '').
- (!empty($ftp_uplink) ? '<br />'.lang(73).': <a href="'.htmlspecialchars($ftp_uplink).'" target="_blank">'.htmlspecialchars($ftp_uplink).' </a>' : '').
- '</div></div>';
- write_file(trim($lfile).".upload.html", $html_content, 0);
- }
- }
- }
- echo $not_done ? "" : '<p><center><b><a href="javascript:window.close();">'.lang(77).'</a></b></center>';
- ?>
- </body>
- </html>
- <?php
- if (isset($_GET['auul'])) {
- ?><script type="text/javascript">parent.nextlink<?php echo $_GET['auul']; ?>();</script><?php
- // Write links to a file
- $file = DOWNLOAD_DIR.'myuploads.txt'; // Obviously it was a mistake not making it a variable earlier
- if (!$options['myuploads_disable']) {
- if (empty($_GET['save_style']) || $_GET['save_style'] == lang(51)) {
- $dash = "";
- for ($i=0;$i<=80;$i++) $dash.="=";
- write_file($file, "$lname$nn$dash$nn$download_link$nn$nn", 0);
- } else {
- $save_style = base64_decode($_GET['save_style']);
- $save_style = str_replace('{link}',$download_link,$save_style);
- $save_style = str_replace('{name}',$lname,$save_style);
- write_file($file, "$save_style$nn", 0);
- }
- }
- }
- ?>