aboutsummaryrefslogtreecommitdiffstats
path: root/mod/getfile.php
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-04-18 20:38:38 -0700
committerredmatrix <git@macgirvin.com>2016-04-18 20:38:38 -0700
commit2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289 (patch)
tree2376d950ba2bdc7753336a3e2b94865c95c238f2 /mod/getfile.php
parent2a61817bad96526994c0499f1fc0a843a9cc9405 (diff)
downloadvolse-hubzilla-2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289.tar.gz
volse-hubzilla-2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289.tar.bz2
volse-hubzilla-2a4e8972e0edfa3156d9ce54d68ce0e54c0ec289.zip
module updates
Diffstat (limited to 'mod/getfile.php')
-rw-r--r--mod/getfile.php97
1 files changed, 0 insertions, 97 deletions
diff --git a/mod/getfile.php b/mod/getfile.php
deleted file mode 100644
index c0916de79..000000000
--- a/mod/getfile.php
+++ /dev/null
@@ -1,97 +0,0 @@
-<?php
-
-/**
- * module: getfile
- *
- * used for synchronising files and photos across clones
- *
- * The site initiating the file operation will send a sync packet to known clones.
- * They will respond by building the DB structures they require, then will provide a
- * post request to this site to grab the file data. This is sent as a stream direct to
- * disk at the other end, avoiding memory issues.
- *
- * Since magic-auth cannot easily be used by the CURL process at the other end,
- * we will require a signed request which includes a timestamp. This should not be
- * used without SSL and is potentially vulnerable to replay if an attacker decrypts
- * the SSL traffic fast enough. The amount of time slop is configurable but defaults
- * to 3 minutes.
- *
- */
-
-
-
-require_once('include/Contact.php');
-require_once('include/attach.php');
-
-function getfile_post(&$a) {
-
- $hash = $_POST['hash'];
- $time = $_POST['time'];
- $sig = $_POST['signature'];
- $resource = $_POST['resource'];
- $revision = intval($_POST['revision']);
-
- if(! $hash)
- killme();
-
- $channel = channelx_by_hash($hash);
-
- if((! $channel) || (! $time) || (! $sig))
- killme();
-
- $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
- if($slop < 1)
- $slop = 3;
-
- $d1 = datetime_convert('UTC','UTC',"now + $slop minutes");
- $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
-
- if(($time > $d1) || ($time < $d2)) {
- logger('time outside allowable range');
- killme();
- }
-
- if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
- logger('verify failed.');
- killme();
- }
-
-
- $r = attach_by_hash($resource,$revision);
-
- if(! $r['success']) {
- notice( $r['message'] . EOL);
- return;
- }
-
-
- $unsafe_types = array('text/html','text/css','application/javascript');
-
- if(in_array($r['data']['filetype'],$unsafe_types)) {
- header('Content-type: text/plain');
- }
- else {
- header('Content-type: ' . $r['data']['filetype']);
- }
-
- header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
- if(intval($r['data']['os_storage'])) {
- $fname = dbunescbin($r['data']['data']);
- if(strpos($fname,'store') !== false)
- $istream = fopen($fname,'rb');
- else
- $istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb');
- $ostream = fopen('php://output','wb');
- if($istream && $ostream) {
- pipe_streams($istream,$ostream);
- fclose($istream);
- fclose($ostream);
- }
- }
- else
- echo dbunescbin($r['data']['data']);
- killme();
-
-
-
-} \ No newline at end of file