2024-10-21 17:35:20 +02:00
|
|
|
<?php
|
|
|
|
|
# request.php > request_confirm.php > upload.php > upload_confirm.php
|
2024-12-24 17:25:14 +01:00
|
|
|
|
|
|
|
|
## Recent Changes
|
|
|
|
|
# Support multiple mirrors
|
|
|
|
|
|
2024-10-21 17:35:20 +02:00
|
|
|
require "/home/hpr/php/include.php";
|
|
|
|
|
|
|
|
|
|
$ip = $_SERVER["REMOTE_ADDR"];
|
|
|
|
|
|
2025-01-14 17:46:28 +01:00
|
|
|
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' && $_SERVER['REQUEST_METHOD'] !== 'HEAD' ) {
|
2024-10-21 17:35:20 +02:00
|
|
|
naughty("34522f7b9ba88b319afa9f063b98905c");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( empty($_SERVER["REMOTE_ADDR"]) ) {
|
|
|
|
|
naughty("021dbd5f91f40918ea68fd0ca1a2e381");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( count($_GET) !== 1 ) {
|
|
|
|
|
naughty("f5df1c0d9accb7868e601b60cf2f5c06");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( isset($_GET["filename"]) ) {
|
|
|
|
|
|
|
|
|
|
$filename = $_GET["filename"];
|
|
|
|
|
if ( empty($filename) ) {
|
|
|
|
|
naughty("ef50f1353583f371903daba3abc9b3a4");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$filename = filter_var($filename, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
|
|
|
|
|
|
|
|
|
|
$dirname = dirname("$filename", 2);
|
|
|
|
|
if ( empty($dirname) ) {
|
|
|
|
|
naughty("71b6b14eef459e0404311257dad8ffe4");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $dirname === "/" ) {
|
|
|
|
|
naughty("9e342e30b911e1ac3c5e831a6da6116b");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !(
|
|
|
|
|
strcmp($dirname, "/correspondents") === 0 or
|
|
|
|
|
strcmp($dirname, "/eps") === 0 or
|
|
|
|
|
strcmp($dirname, "/series") === 0 )
|
|
|
|
|
) {
|
|
|
|
|
naughty("f157a8f5fedc7282c7a6469931223dbf");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$name = basename($filename); // To get file name
|
|
|
|
|
if ( empty($name) ) {
|
|
|
|
|
naughty("27ece7c2dba5caa5885ef40737270fd3");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ext = pathinfo($filename, PATHINFO_EXTENSION); // To get extension
|
|
|
|
|
if ( empty($ext) ) {
|
|
|
|
|
naughty("c6a4329fe2f3c2c739ec666e956c2c5f");
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-24 17:25:14 +01:00
|
|
|
$prefix = pathinfo($filename, PATHINFO_FILENAME); // File name without extension
|
2024-10-21 17:35:20 +02:00
|
|
|
if ( empty($prefix) ) {
|
|
|
|
|
naughty("f398399ec10ec9ab4b5b23ae43f21b01");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( strlen($filename) < 5 ) {
|
|
|
|
|
naughty("f78bf180af9239fc7fcf5fbc2b13b59b");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( strlen($filename) > 60 ) {
|
|
|
|
|
naughty("38e9a0cf7f650ac62e75c08269c9d913");
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-24 17:25:14 +01:00
|
|
|
if (!in_array( $ext, $allowed_extensions, true )) {
|
|
|
|
|
logextra( "This extension $this_ext, is not in the list of allowed_extensions" );
|
2024-10-21 17:35:20 +02:00
|
|
|
naughty("545e49f7ac913863c6c3db40670ebb9d");
|
|
|
|
|
}
|
2024-12-24 17:25:14 +01:00
|
|
|
|
2024-10-21 17:35:20 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
naughty("0b78322e1c5010ba289c20250ca1fb1f");
|
|
|
|
|
}
|
|
|
|
|
|
2024-12-24 17:25:14 +01:00
|
|
|
if (
|
|
|
|
|
strcmp($dirname, "/eps") === 0 and
|
|
|
|
|
in_array( $ext, $allowed_extensions_common, true )
|
|
|
|
|
) {
|
|
|
|
|
$mirrors = array_merge($ccdn_hosts_common, $ccdn_hosts_complete);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$mirrors = $ccdn_hosts_complete;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$mirror = 'https://' . $mirrors[ array_rand($mirrors, 1) ];
|
|
|
|
|
|
|
|
|
|
$pos = strpos($mirror, 'archive.org');
|
|
|
|
|
|
|
|
|
|
if ($pos !== false) {
|
|
|
|
|
$path = $mirror . '/download/' . $prefix . '/' . $name;
|
|
|
|
|
} else {
|
|
|
|
|
$path = $mirror . $filename;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
logextra( "Sending request to ${path}" );
|
|
|
|
|
|
|
|
|
|
header("location:${path}");
|
2024-10-21 17:35:20 +02:00
|
|
|
|
|
|
|
|
?>
|
