+ unified request input manager
This commit is contained in:
parent
d3d7bb665d
commit
6d4a3ba11f
|
@ -1,24 +1,20 @@
|
|||
<?php
|
||||
require_once "../protected/db.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
session_start();
|
||||
|
||||
// Request can only be GET
|
||||
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
|
||||
error("Only POST request allowed!", 401);
|
||||
}
|
||||
// Request can only be POST
|
||||
$input->whitelist_request_method("POST");
|
||||
|
||||
// Rewrap data assuming it is a JSON request
|
||||
if (empty($_POST)) {
|
||||
$_POST = json_decode(file_get_contents("php://input"), true);
|
||||
if (json_last_error() !== JSON_ERROR_NONE) {
|
||||
error("Could note decode JSON data: (" . json_last_error() . ") " . json_last_error_msg());
|
||||
}
|
||||
$_POST = $input->read_as_json();
|
||||
}
|
||||
|
||||
$token = $_POST["token"];
|
||||
$selection = $_POST["selection"];
|
||||
$action = $_POST["action"];
|
||||
$token = $input->post("token");
|
||||
$selection = $input->post("selection");
|
||||
$action = $input->post("action");
|
||||
|
||||
/**
|
||||
* Login check
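Review bot: `$_POST = $input->read_as_json();` accepts any valid JSON document, so a body of `null`, `"x"` or `1` replaces the `$_POST` array with a scalar and every later `$input->post(...)` silently yields null instead of a clear 400. Guard the shape before assigning: `$body = $input->read_as_json(); if (!is_array($body)) error("JSON body must be an object", 400); $_POST = $body;`. The `$token`, `$selection` and `$action` reads below are only assigned here; if the login check that follows does not enforce `is_string`, the `is_string` pattern this commit keeps for `$value` in the editTitle branch belongs on these three as well. The file continues past the hunk.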
|
||||
|
@ -104,7 +100,7 @@ if ($action === "delete") {
|
|||
}
|
||||
}
|
||||
} elseif ($action === "editTitle") {
|
||||
$value = $_POST["value"];
|
||||
$value = $input->post("value");
|
||||
|
||||
if (!isset($value) || !is_string($value)) {
|
||||
error("Missing input! Arguments needed: (selection or token), action and value", 400);
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
<?php
|
||||
require_once "../protected/config.php";
|
||||
require_once "../protected/db.inc.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
|
||||
header("Content-type: application/json");
|
||||
session_start();
|
||||
|
||||
// Request can only be GET
|
||||
if ($_SERVER["REQUEST_METHOD"] !== "POST") {
|
||||
error("Only POST request allowed!", 401);
|
||||
}
|
||||
// Request can only be POST
|
||||
$input->whitelist_request_method("POST");
|
||||
|
||||
// Login check
|
||||
if (!isset($_SESSION["u_id"])) {
|
||||
|
@ -16,12 +16,12 @@ if (!isset($_SESSION["u_id"])) {
|
|||
}
|
||||
|
||||
// Make sure arguments exist
|
||||
$type = $_POST["type"];
|
||||
$type = $input->post("type");
|
||||
if (!isset($type)) error("Missing argument \"type\".", 401);
|
||||
|
||||
switch ($type) {
|
||||
case "video-thumbnail":
|
||||
$file_id = $_POST["id"];
|
||||
$file_id = $input->post("id");
|
||||
if (!isset($file_id)) error("Missing argument \"id\".", 401);
|
||||
|
||||
// Uploaded file size must not exceed 2gb
|
||||
|
@ -38,8 +38,8 @@ switch ($type) {
|
|||
|
||||
case "video-gif-upload":
|
||||
case "video-gif-stitch":
|
||||
$file_id = $_POST["id"];
|
||||
$chunk_number = $_POST["chunkNum"];
|
||||
$file_id = $input->post("id");
|
||||
$chunk_number = $input->post("chunkNum");
|
||||
if (!isset($file_id)) error("Missing argument \"id\".", 401);
|
||||
if (!isset($chunk_number)) error("Missing argument \"chunkNum\".", 401);
|
||||
|
||||
|
@ -102,7 +102,7 @@ switch ($type) {
|
|||
rename($stitch_path, $GLOBALS["upload_directory"] . $file_id . ".gif");
|
||||
|
||||
case "video-gif-too-big":
|
||||
$file_id = $_POST["id"];
|
||||
$file_id = $input->post("id");
|
||||
$sql = "UPDATE `" . $GLOBALS["table_prefix"] . "file_tasks` SET gif=0 WHERE id=?";
|
||||
$db->request($sql, "s", $file_id);
|
||||
break;
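Review bot: `$file_id` comes straight from `$input->post("id")` with only an `isset` check, yet the `rename(...)` context line at the top of this hunk builds the destination path from `$GLOBALS["upload_directory"] . $file_id . ".gif"`, so the client controls part of a filesystem path (and an `id[]=` submission satisfies `isset` with an array). Unless the lines between hunks already validate it, reject anything outside the identifier shape before any path or query use, e.g. `if (!is_string($file_id) || !preg_match('/^[A-Za-z0-9_-]+$/', $file_id)) error("Invalid argument \"id\".", 400);`. The `$input->post("id")` reads in the video-thumbnail and video-gif hunks above need the same check, since they feed the same variable. The `switch` starts and ends outside this hunk.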
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
<?php
|
||||
require_once "../protected/db.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
session_start();
|
||||
|
||||
// Request can only be GET
|
||||
if ($_SERVER["REQUEST_METHOD"] !== "GET") {
|
||||
error("Only GET request allowed!", 401);
|
||||
}
|
||||
$input->whitelist_request_method("GET");
|
||||
|
||||
// Make sure arguments exist
|
||||
$id = $_GET["id"];
|
||||
$id = $input->get("id");
|
||||
|
||||
if (!isset($id)) {
|
||||
error("Missing argument \"id\".", 401);
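Review bot: `$input->get("id")` returns whatever PHP parsed, so `?id[]=1` arrives as an array and passes the `isset` check on the line above; write it as `if (!isset($id) || !is_string($id)) {` so downstream use always sees a string. Missing-argument responses here answer 401, whereas the editTitle endpoint touched by this commit uses 400 for the same situation; 400 is the accurate code and keeps 401 meaningful for the login check. The `type` endpoint's hunk has the same two points. The `if` body continues past the hunk.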
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
<?php
|
||||
require_once "../protected/db.inc.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
session_start();
|
||||
|
||||
// Request can only be GET
|
||||
if ($_SERVER["REQUEST_METHOD"] !== "GET") {
|
||||
error("Only GET request allowed!", 401);
|
||||
}
|
||||
$input->whitelist_request_method("GET");
|
||||
|
||||
// Login check
|
||||
if (!isset($_SESSION["u_id"])) {
|
||||
|
@ -14,7 +13,7 @@ if (!isset($_SESSION["u_id"])) {
|
|||
}
|
||||
|
||||
// Make sure arguments exist
|
||||
$type = $_GET["type"];
|
||||
$type = $input->get("type");
|
||||
|
||||
if (!isset($type)) {
|
||||
error("Missing argument \"type\".", 401);
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
<?php
|
||||
require_once "../protected/db.inc.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
session_start();
|
||||
|
||||
// Request can only be GET
|
||||
if ($_SERVER["REQUEST_METHOD"] !== "GET") {
|
||||
error("Only GET request allowed!", 401);
|
||||
}
|
||||
$input->whitelist_request_method("GET");
|
||||
|
||||
// Login check
|
||||
if (!isset($_SESSION["u_id"])) {
|
||||
|
@ -14,7 +13,7 @@ if (!isset($_SESSION["u_id"])) {
|
|||
}
|
||||
|
||||
// Retrieve everything above this timestamp
|
||||
$since = $_GET["since"];
|
||||
$since = $input->get("since");
|
||||
|
||||
if (isset($since)) {
|
||||
$result = $db->request("SELECT id, thumb_height, timestamp, title, extension FROM `" . $table_prefix . "files` WHERE timestamp > " . $since . " ORDER BY timestamp DESC");
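Review bot: `$since` is taken from `$input->get("since")` and on the next line interpolated into the query text (`WHERE timestamp > " . $since . "`), so the new input layer changes nothing about the injection risk — the only check is `isset`. Validate the shape and bind the value the way the `file_tasks` update elsewhere in this commit does: `if (!is_string($since) || !ctype_digit($since)) error("Invalid argument \"since\".", 400);` and then `$db->request("SELECT id, thumb_height, timestamp, title, extension FROM `" . $table_prefix . "files` WHERE timestamp > ? ORDER BY timestamp DESC", "s", $since);` (the type letter follows whatever convention `$db->request` uses; `"s"` is the one visible in this commit). This assumes `timestamp` is an integer epoch column, which the hunk does not show. The `if` body continues past the hunk.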
|
||||
|
|
|
@ -2,9 +2,13 @@
|
|||
session_start();
|
||||
require_once "../protected/db.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
|
||||
$username = $_POST["username"];
|
||||
$password = $_POST["password"];
|
||||
// Request method can only be POST
|
||||
$input->whitelist_request_method("POST");
|
||||
|
||||
$username = $input->post("username");
|
||||
$password = $input->post("password");
|
||||
|
||||
if (!empty($_SESSION["u_id"])) {
|
||||
error("You are already logged in!");
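Review bot: `$username` and `$password` are read via `$input->post` but never checked to be strings before the credential check that follows, and `username[]=x` arrives as an array while an absent field arrives as null. Add `if (!is_string($username) || !is_string($password)) error("Missing argument \"username\" or \"password\".", 400);` ahead of the logged-in check so whatever verifies the password is never handed a non-string. If the success path further down does not already call `session_regenerate_id(true)`, that belongs in this file too so a pre-login session id is not carried into the authenticated session. The file continues past the hunk.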
|
||||
|
|
|
@ -1,19 +1,22 @@
|
|||
<?php
|
||||
require_once "../protected/config.php";
|
||||
require_once "../protected/input.inc.php";
|
||||
require_once "../protected/output.inc.php";
|
||||
session_start();
|
||||
|
||||
$loggedIn = isset($_SESSION["u_id"]);
|
||||
$secret = $_POST["secret"];
|
||||
$file = $_FILES["data"];
|
||||
// Request method can only be POST
|
||||
$input->whitelist_request_method("POST");
|
||||
|
||||
$secret = $input->post("secret");
|
||||
$file = $input->files("data");
|
||||
|
||||
// Check if key set or logged in
|
||||
if ((!isset($secret) || $secret !== UPLOAD_TOKEN) && !$loggedIn) {
|
||||
if ((!isset($secret) || $secret !== UPLOAD_TOKEN) && !isset($_SESSION["u_id"])) {
|
||||
error("Unauthorized", 401);
|
||||
}
|
||||
|
||||
// Size must not exceed 2gb
|
||||
if ($file["size"] > 1.342e+8 || !isset($file["size"])) {
|
||||
if (!isset($file) || !isset($file["size"]) || $file["size"] > 1.342e+8) {
|
||||
error("Either no file was provided or the size exceeded the predefined limit of the server.");
|
||||
}
|
||||
|
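Review bot: `$secret !== UPLOAD_TOKEN` compares a bearer secret with ordinary string comparison, and because `$input->post("secret")` can hand back an array the condition only rejects `secret[]=` by accident of the type mismatch; write it as `if ((!is_string($secret) || !hash_equals(UPLOAD_TOKEN, $secret)) && !isset($_SESSION["u_id"])) error("Unauthorized", 401);` so the comparison is constant-time and type-safe. The comment `// Size must not exceed 2gb` above the new size check does not match `1.342e+8` (roughly 134 MB); either correct the comment or give the limit a named constant. The `$file["error"]` check begins in the next hunk.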
||||
|
@ -23,7 +26,7 @@ if ($file["error"] > 0) {
|
|||
}
|
||||
|
||||
require_once "../protected/uploaders/file.inc.php";
|
||||
$uploader = new FileUploader($file, $_POST["title"], $_POST["timestamp"]);
|
||||
$uploader = new FileUploader($file, $input->post("title"), $input->post("timestamp"));
|
||||
$uploader->upload();
|
||||
$urls = $uploader->get_url_info();
|
||||
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
<?php
|
||||
require_once "../protected/input.inc.php";
|
||||
|
||||
/**
|
||||
* PHP can leave notices behind for unset variables.
|
||||
* This input requester class avoids this by returning NULL for
|
||||
* requested parameters, which don't exist, instead of undefined.
|
||||
*/
|
||||
class Input
|
||||
{
|
||||
/**
|
||||
* $_GET input retrieval.
|
||||
*/
|
||||
function get($name)
|
||||
{
|
||||
return isset($_GET[$name]) ? $_GET[$name] : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Read input as JSON.
|
||||
*/
|
||||
function read_as_json()
|
||||
{
|
||||
$json = json_decode(file_get_contents("php://input"), true);
|
||||
if (json_last_error() !== JSON_ERROR_NONE) {
|
||||
error("Could note decode JSON data: (" . json_last_error() . ") " . json_last_error_msg());
|
||||
}
|
||||
|
||||
return $json;
|
||||
}
|
||||
|
||||
/**
|
||||
* $_POST input retrieval.
|
||||
*/
|
||||
function post($name)
|
||||
{
|
||||
return isset($_POST[$name]) ? $_POST[$name] : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* $_FILES input retrieval.
|
||||
*/
|
||||
function files($name)
|
||||
{
|
||||
return isset($_FILES[$name]) ? $_FILES[$name] : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Input retrieval based on which exists.
|
||||
*/
|
||||
function get_post($name)
|
||||
{
|
||||
return $this->get($name) ? $this->get($name) : $this->post($name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Lets only requests with the given request method through.
|
||||
* Else, the request will error out informing clients which method to use.
|
||||
*
|
||||
* @param string $method "GET", "POST", "PUT", "HEAD", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"
|
||||
*/
|
||||
function whitelist_request_method($method = "GET")
|
||||
{
|
||||
if (!is_string($method) || empty($method)) return;
|
||||
if ($_SERVER["REQUEST_METHOD"] !== $method) {
|
||||
error("Only " . $method . " requests are allowed!", 401);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$input = new Input();
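Review bot: `get_post` decides with truthiness, so a GET value of `"0"` or `""` is discarded in favour of the POST value, and `get` is evaluated twice; use `$value = $this->get($name); return $value !== null ? $value : $this->post($name);`. `whitelist_request_method` answers a wrong method with 401, where 405 (Method Not Allowed) is the status that describes it, and `read_as_json` should treat a `false` return from `file_get_contents` as an error rather than decoding it — its message also still reads "Could note decode". The accessors return raw `$_GET`/`$_POST`/`$_FILES` values, arrays included, so callers must still type-check; a line in each docblock such as `@return mixed the raw request value (string or array), or null when absent` makes that contract visible. The methods also lack visibility keywords; `public function` on each matches PSR-12.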
|