blob: 38b47cb7630c0fcfbff46712149e5a65289f3a24 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
<?php
///
// NextCloudPi Web Panel backend
//
// Copyleft 2019 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
// GPL licensed (see end of file) * Use at your own risk!
//
// More at https://nextcloudpi.com
///
include ('csrf.php');
session_start();
// CSRF check
$token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
if ( empty($token) || !validateCSRFToken($token) )
exit( '{ "output": "Unauthorized request. Try reloading the page" }' );
isset($_FILES['backup']) or exit( '{ "output": "no upload" }' );
$error=$_FILES['backup']['error'];
if ($error !== 0)
exit( '{ "output": "upload error ' . $error . '" }' );
$file_name = $_POST['csrf_token'] . basename($_FILES['backup']['name']);
$file_name = str_replace('/', '', $file_name);
$file_size = $_FILES['backup']['size'];
$file_tmp = $_FILES['backup']['tmp_name'];
$file_type = $_FILES['backup']['type'];
preg_match( '/\.\./' , $file_name, $matches )
and exit( '{ "output": "Invalid input" , "token": "' . getCSRFToken() . '" }' );
if($file_size === 0)
$errors[]='No file';
$extension = pathinfo($file_name, PATHINFO_EXTENSION);
if ($extension !== "tar" and $extension !== "gz")
exit( '{ "output": "invalid file" }' );
if (!move_uploaded_file($file_tmp, sys_get_temp_dir() . '/' . $file_name))
exit('{ "output": "upload denied" }');
// return JSON
echo '{ "token": "' . getCSRFToken() . '",'; // Get new token
echo ' "ret": "0" }';
?>
|
