From 9a63d1abed608ecce689fa4e7409c498c8d827ff Mon Sep 17 00:00:00 2001
From: Horus3
Date: Wed, 12 Mar 2014 17:21:06 +0100
Subject: regex for detecting hyperlinks
---
 www/upload.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/www/upload.php b/www/upload.php
index ed25d85..5c3f758 100644
--- a/www/upload.php
+++ b/www/upload.php
@@ -110,4 +110,12 @@ function upload($db){
 }
 }
+function web_upload($db){
+ $url = ;
+ if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
+ echo "hyperlink detected";
+ } else {
+ echo "no hyperlink";
+ }
+}
 upload($db);
-- cgit v1.2.3
From 11f7f219b72c909cdbf74426e5095d9ee3ef8ec8 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Wed, 12 Mar 2014 19:32:07 +0100
Subject: fixed PHP's bug with empty()
---
 www/functions/func_register.php | 14 +++++++-------
 www/functions/func_select.php | 15 ++++++++-------
 www/upload.php | 5 +++--
 3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/www/functions/func_register.php b/www/functions/func_register.php
index 3fc9949..10f1d5d 100644
--- a/www/functions/func_register.php
+++ b/www/functions/func_register.php
@@ -10,14 +10,14 @@ function register($db){
 /* checking for empty password etc. */
 if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
- header("Refresh: 0; register?reason=password");
+ header("Refresh: 0; /register?reason=password");
 return false;
 }
 /* TODO: allow full unicode */
 if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
- header("Refresh: 0; register?reason=encoding");
+ header("Refresh: 0; /register?reason=encoding");
 return false;
 }
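Review bot: The pattern given to `preg_match()` in `web_upload` (www/upload.php, first commit) uses `/` as its delimiter but contains unescaped slashes in `?://` and inside the character class, so PCRE ends the pattern at the first inner slash, the call returns false with a warning, and the branch always prints "no hyperlink". Escaping them as `:\/\/` and `#\/%` fixes that. `$url = ;` as rendered here is a parse error that would stop the whole of upload.php from loading, although the right-hand side may have been lost when the page was rendered. If this check is later used to decide whether the server fetches the URL, a shape test is not enough: parse with `parse_url()`, allow only the expected schemes and validate the host before any request is made. The same code reappears unchanged in the second commit's last upload.php hunk.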
@@ -27,14 +27,14 @@ function register($db){
 /*Checks the validation of the registration attempt*/
 $test_status_db = $db->query("SELECT status FROM user WHERE email='" . $safe_email . "';");
- $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
- $test_status_int = $test_status_arr[0];
+ $test_status_ar = $test_status_db->fetchArray(SQLITE3_NUM);
+ $test_status_int = $test_status_ar[0];
 $test_key_db = $db->query("SELECT key FROM user WHERE email='" . $safe_email . "';");
- $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
- $test_key = $test_key_arr[0];
+ $test_key_ar = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_ar[0];
- if (empty($test_status_db) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
+ if (empty($test_status_ar) || $test_status_int != 0 || $test_key != $_POST["key"] || $test_key == ""){
 header("Refresh: 0; /register?reason=prohibited");
 return false;
 } else {
diff --git a/www/functions/func_select.php b/www/functions/func_select.php
index dc649f2..4a803b2 100644
--- a/www/functions/func_select.php
+++ b/www/functions/func_select.php
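Review bot: `$test_key != $_POST["key"]` checks the registration key with PHP's loose operator, so two numeric-looking strings can compare equal without being identical, and the comparison is not constant-time; `!hash_equals((string)$test_key, (string)$_POST["key"])` closes both gaps. `$test_status_ar[0]` and `$test_key_ar[0]` are still read before the `empty($test_status_ar)` test, so when no row matches the code indexes `false` and the rejection only happens through the later `$test_key == ""` comparison; testing the `fetchArray()` result immediately after the call would make the rejection explicit. Both queries are built by concatenating `$safe_email`, whose escaping is outside the hunk; a single prepared statement (`$db->prepare('SELECT status, key FROM user WHERE email = :email')` with `bindValue`) would remove that dependency and the duplicate query. register()'s body starts and ends outside the hunk.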
@@ -13,21 +13,21 @@ function select($db){
 }
 $owner_db = $db->query("SELECT id FROM user WHERE name='" . SQLite3::escapeString($user) . "';");
- if(empty($owner_db)){
+ $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
+ if(empty($owner_ar)){
 failure("This user doesn't exist.");
 }
- $owner_ar = $owner_db->fetchArray(SQLITE3_NUM);
 $owner = $owner_ar[0];
 $folder_array_unsafe = explode("/",$_GET["folder"]);
 $length = count($folder_array_unsafe);
 $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";");
- if(empty($root_db)){
+ $root_ar = $root_db->fetchArray(SQLITE3_NUM);
+ if(empty($root_ar)){
 failure("There is something seriously wrong. If you are a human you should never read this. Mail the admin please.");
 }
- $root_ar = $root_db->fetchArray(SQLITE3_NUM);
 $root_id = $root_ar[0];
 $parentdir = SQLite3::escapeString($root_id);
 $temp_id = $root_id;
@@ -36,10 +36,12 @@ function select($db){
 if(!empty($folder_array_unsafe[$i])){
 $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';");
- if(empty($parentdir_db)){
+
+ $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if(empty($prim_id)){
 failure("Database error.");
 }
- $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM);
+ if($parentdir != $prim_id[1]){
 $wrong_folder = $folder_array_unsafe[$i];
@@ -70,7 +72,6 @@ function select($db){
 $content[$count][6] = $row[6];
 $content[$count][7] = $row[7];
 $content[$count][8] = $row[8];
- //echo "" . $content[$count][3] . "
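Review bot: `$owner_db->fetchArray()` in func_select.php is now called without checking the result of `$db->query()`, which is `false` when the statement fails, so a failed query becomes a fatal "member function on boolean" error instead of reaching `failure()`; the same applies to `$root_db` in this hunk and `$parentdir_db` in the next one. A guard such as `if($owner_db === false || !($owner_ar = $owner_db->fetchArray(SQLITE3_NUM))){` keeps both the failed-query and the no-row case. `$owner`, `$share` and `$parentdir` are concatenated into the SQL without quotes, where `SQLite3::escapeString()` offers no protection, so they should be cast with `(int)` or bound as parameters; `$share` is built outside the hunk and needs the same scrutiny. Whether `failure()` stops execution is not visible here; if it returns, `$owner_ar[0]` is still evaluated on `false`.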
";
 $count++;
 }
diff --git a/www/upload.php b/www/upload.php
index 5c3f758..2858e72 100644
--- a/www/upload.php
+++ b/www/upload.php
@@ -67,7 +67,8 @@ function upload($db){
 $filehash = hash_file("md5", $_FILES['userfile']['tmp_name']);
 $hashtest_db = $db->query("SELECT hash FROM files WHERE hash='" . $filehash ."';");
- if(empty($hashtest_db)){
+ $hashtest_ar = $hashtest_ar->fetchArray(SQLITE3_NUM);
+ if(empty($hashtest_ar)){
 if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])){
@@ -110,7 +111,7 @@ function upload($db){
 }
 }
-function web_upload($db){
+function web_upload($db){ // no use atm
 $url = ;
 if(preg_match("/^((https?|ftp)?://|www\.|ftp\.)?([-a-z0-9+&@#/%?=~_|!:,.;]+\.)+[a-z]{2}[a-z]*/i", $url)){
 echo "hyperlink detected";
-- cgit v1.2.3
From 246cd8a39c64c174171784fb891a6aca8e3c7dc4 Mon Sep 17 00:00:00 2001
From: oweissbarth
Date: Wed, 12 Mar 2014 19:32:21 +0100
Subject: Added all specified error messages
---
 www/httperror.php | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/www/httperror.php b/www/httperror.php
index 5deff9f..58ac0cc 100644
--- a/www/httperror.php
+++ b/www/httperror.php
@@ -19,7 +19,30 @@
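Review bot: The added line `$hashtest_ar = $hashtest_ar->fetchArray(SQLITE3_NUM);` in upload.php (hunk at -67,7) calls `fetchArray()` on the not-yet-defined `$hashtest_ar` instead of the query result, so every upload stops with a fatal error; it should read `$hashtest_ar = $hashtest_db->fetchArray(SQLITE3_NUM);`, preferably after checking that `$hashtest_db` is not `false`. In the same hunk the destination passed to `move_uploaded_file()` is `$uploaddir . $_FILES['userfile']['name']`, a client-supplied name; storing under a server-generated name, or at least `basename()` plus an extension allowlist, keeps the file inside the upload directory and away from executable types. Using MD5 as the duplicate key means two different files with a crafted collision are treated as the same upload; `hash_file("sha256", ...)` avoids that. upload()'s body starts and ends outside the hunk.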
-

404

-

Wow! I didn't see that coming...Well, I'm sorry...

+ 404'; + echo '

Wow! I didn't see that coming...Well, I'm sorry...



'; + echo '

"'.$wrong_folder.'" wasn't found in "'. implode("/", $working_path)."/". '"

'; + + }elseif($_GET['e']==401){ + echo '

'.$_GET['e'].'

'; + echo '

Restricted Area | Authorized Personnel only

'; + + }elseif($_GET['e']==403){ + echo '

'.$_GET['e'].'

'; + echo '

I could do that. I choose not to...

'; + + }elseif($_GET['e']==500){ + echo '

'.$_GET['e'].'

'; + echo '

Oops! No that didn't just happen. NO....
Fine, it's my fault and i feel bad.

'; + + }elseif($_GET['e']==502){ + echo '

'.$_GET['e'].'

'; + echo '

A server i'm trying to contact is acting stupid.
It's not my fault. I swear.

'; + + }elseif($_GET['e']==504){ + echo '

'.$_GET['e'].'

'; + echo '

A server i'm trying to contact is insanely slow.
I can't wait forever. I'm sorry!

'; + }?>
-- cgit v1.2.3