From 70fe1cac27f4e22f9dad8bf7e97620fec05d9c8b Mon Sep 17 00:00:00 2001 From: Ken Fallon Date: Fri, 17 Jan 2025 21:57:22 +0100 Subject: [PATCH] The show processing needs to be refactored #5 --- cms/assets.php | 690 ++++++++++++++++++++++++++++--------------------- 1 file changed, 391 insertions(+), 299 deletions(-) diff --git a/cms/assets.php b/cms/assets.php index 3962d81..91bbaaf 100644 --- a/cms/assets.php +++ b/cms/assets.php @@ -5,347 +5,439 @@ require "/home/hpr/php/include.php"; +date_default_timezone_set('UTC'); + // curl --netrc-file $HOME/.netrc --verbose --request POST https://hub.hackerpublicradio.org/cms/assets.php --data-ascii @assets.json --header "Content-Type: application/json" //Make sure that it is a POST request. -if(strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0){ +if ( strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0 && strcasecmp($_SERVER['REQUEST_METHOD'], 'GET') != 0 ){ throw new Exception('Request method must be POST!'); } -//Make sure that the content type of the POST request has been set to application/json -$contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : ''; -if(strcasecmp($contentType, 'application/json') != 0){ - throw new Exception('Content type must be: application/json'); +if ( strcasecmp($_SERVER['REQUEST_METHOD'], 'GET') == 0 ){ + executeGET(); } -//Receive the RAW post data. -$content = trim(file_get_contents("php://input")); -//Attempt to decode the incoming RAW post data from JSON. -$decoded = json_decode($content, true); - -//If json_decode failed, the JSON is invalid. -if(!is_array($decoded)){ - logextra( "Received content contained invalid JSON!" ); - naughty( "0e0e69415750c96f19d234f83270fdea" ); +if ( strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0 ){ + executePOST(); } -foreach($decoded['assets'] as $asset) { +function executeGET() { + global $connection; - // Check episode_id + $asset_array = array (); - if ( isset( $asset['episode_id'] ) ) { - - $provided_episode_id = $asset['episode_id']; - - $provided_episode_id = filter_var($provided_episode_id, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - + if (isset($_GET['id'])) { + $id = $_GET['id']; $result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;'); if (!isset($result)) { - logextra( "Can't connect to db" ); - naughty( "4c85d7b9e1d2eb741cdb60fd9f97b852" ); + logextra( "unable to execute SELECT MAX(id) FROM eps;" ); + problem( "2f1497d7734f5dc7ce04e1a343cbd4cb" ); die('Could not query:' . mysqli_error()); } - $maxhost_array = mysqli_fetch_row( $result ); $maxhost = $maxhost_array[0]; $num_get_args=0; foreach($_GET as $k => $v) { ++$num_get_args; } - - if (strval(intval($provided_episode_id)) != strval($provided_episode_id)) { - logextra( "ID is not a valid number because strval(intval($provided_episode_id)) != strval($provided_episode_id))" ); - naughty( "b2babb5bebde79e08ddf3c780c56615d" ); + if ( (strval(intval($id)) != strval($id)) OR ( intval($id) <= 0 ) OR ( intval($id) > $maxhost ) OR ( $num_get_args > 1 ) ){ + logextra( "The id \"$id\" is not valid." ); + problem( "6b070390632e12a962338d2e31464f9f" ); + exit; } - - if ( intval($provided_episode_id) <= 0 ){ - logextra( "ID is not a valid number because intval($provided_episode_id) <= 0" ); - naughty( "b245522d0582e61612e8b7dcdb0e0f4c" ); - } - - if ( intval($provided_episode_id) > $maxhost ){ - logextra( "ID is not a valid number because intval($provided_episode_id) > $maxhost" ); - naughty( "c6feadcf0b6eda204cbfba6824aa2c7a" ); - } - - if ( $num_get_args > 1 ){ - logextra( "ID is not a valid number because \$num_get_args: $num_get_args > 1" ); - naughty( "ba22518c5ced567cd0b855206985f036" ); - } - - $query = "SELECT id FROM eps WHERE id = '$provided_episode_id'"; + $query = "SELECT id FROM eps WHERE id = '$id'"; $result = @mysqli_query($connection, $query); if($result === FALSE) { - logextra( "No result returned for this query \"SELECT id FROM eps WHERE id = '$provided_episode_id'\"" ); - naughty( "fa0778750519cb140b4076c844b3ec78" ); + logextra( "Cud not run SELECT id FROM eps WHERE id = $id" ); + problem( "568dff032398640456d749135358a88b" ); } else { $db = mysqli_fetch_array($result, MYSQLI_ASSOC); if ( empty($db["id"]) ) { - logextra( "No result returned for this id:\"${id}\"" ); - naughty( "1e09df9f3896da3e80507ea4538a4aca" ); + logextra( "The \"$id\" is not in the database" ); + http_response_code(404); + die(); } } - $episode_id = $provided_episode_id; - logextra( "Found Valid \$episode_id: $episode_id" ); - + $ep_retrieve = "SELECT episode_id, filename, extension, `size`, sha1sum, mime_type + FROM assets + WHERE episode_id = '$id' + ORDER BY episode_id ASC;"; } else { - logextra( "No episode_id provided" ); - naughty( "eae535cc88680a5bdab4e7bb4e54d83e" ); - exit; - } - - // Check filename - - if ( isset( $asset['filename'] ) ) { - $provided_filename = $asset['filename']; - - $provided_filename = filter_var($provided_filename, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - - $this_dirname = dirname("$provided_filename", 2); - if ( empty($this_dirname) ) { - logextra( "no dirname" ); - naughty("b23ed28377cf4cf36cbf01931377ddc7"); - } - - if ( $this_dirname === "/" ) { - logextra( "dirname is root" ); - naughty("b90228a9c4d008eab57304bd36b75a08"); - } - - $this_basename = basename($provided_filename); - if ( empty($this_basename) ) { - logextra( "Cound not extract basename from filename: $provided_filename" ); - naughty("44b5022e3a32605c6b0afdf7699ed153"); - } - - if ( $this_basename !== $provided_filename ) { - logextra( "filename: $provided_filename does not match name:$this_basename" ); - naughty("832f0283544692bd6691e3802e67099c"); - } - - $this_ext = pathinfo($provided_filename, PATHINFO_EXTENSION); - if ( empty($this_ext) ) { - logextra( "The extension for \"$provided_filename\" is empty" ); - naughty("63166ba6572ac51b47804d9787152903"); - } - - $this_prefix =pathinfo($provided_filename, PATHINFO_FILENAME); - if ( empty($this_prefix) ) { - logextra( "The prefix for \"$provided_filename\" is empty" ); - naughty("9ad9a6b9e47e6960ff30442c3c808609"); - } - - if ( strlen($provided_filename) < 5 ) { - logextra( "The length of \"$provided_filename\" is less than 5" ); - naughty("e131ae01530f4098c299aaca0a6ee8e1"); - } - - if ( strlen($provided_filename) > 60 ) { - logextra( "The length of \"$provided_filename\" is greater than 60" ); - naughty("d90560ef4cac05954c93523d529ed20e"); - } - - if (!in_array( $this_ext, $allowed_extensions, true )) { - logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); - naughty("dd98c84719083fb80fecbd0405504038 $this_ext"); - } - - $filename = $provided_filename; - logextra( "Found Valid \$filename: $filename" ); - } - else { - logextra( "No filename provided" ); - naughty( "1edd3bcd2a16c152f0a97106372862f9" ); - exit; + $ep_retrieve = "SELECT episode_id, filename, extension, `size`, sha1sum, mime_type + FROM assets + ORDER BY episode_id ASC;"; } - // Check extension - - if ( isset( $asset['extension'] ) ) { - $provided_extension = $asset['extension']; - - $provided_extension = filter_var($provided_extension, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - if ( $provided_extension !== $this_ext ) { - logextra( "The extensions provided \"$provided_extension\" and in the filename dont match \"$provided_filename\"" ); - naughty("ed58e1493aa56e0eaf50362cc6f64425"); + if ($result = mysqli_query($connection, $ep_retrieve)) { + while ($row = mysqli_fetch_array($result)) { + $episode_id = $row['episode_id']; + $filename = $row['filename']; + $extension = $row['extension']; + $size = $row['size']; + $sha1sum = $row['sha1sum']; + $mime_type = $row['mime_type']; + $asset_array["hpr$episode_id"][$filename] = array ( + "episode_id" => $episode_id, + "filename" => $filename, + "extension" => $extension, + "size" => $size, + "sha1sum" => $sha1sum, + "mime_type" => $mime_type + ); } - - if (!in_array( $provided_extension, $allowed_extensions, true )) { - logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); - naughty("dc406b9151871e38ac69c2bf44fa74da"); - } - $extension = $provided_extension; - logextra( "Found Valid \$extension: $extension" ); - } - else { - logextra( "No extension provided" ); - naughty( "04b53ecd0ffa3faa68db1e541554903d" ); - exit; - } - - // Check size - - if ( isset( $asset['size'] ) ) { - - $provided_size = $asset['size']; - - $provided_size = filter_var($provided_size, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - - if (strval(intval($provided_size)) != strval($provided_size)) { - logextra( "The provided size is not a valid number because strval(intval($provided_size)) != strval($provided_size))" ); - naughty( "cc349935f0d80b40d5593b0fd54eaf58" ); - } - - if ( intval($provided_size) <= 0 ){ - logextra( "The provided size is not a valid number because intval($provided_size) <= 0" ); - naughty( "91c54771bcf68f974c9aa8959f953dd8" ); - } - - if ( intval($provided_size) > 3000000000 ){ - logextra( "The provided size is not a valid number because it's a lot larger than any show so far" ); - naughty( "8c085ec045b062e3a864e6fc22fceee4" ); - } - - $size = $provided_size; - logextra( "Found Valid \$size: $size" ); - } - else { - logextra( "No size provided" ); - naughty( "a6d661c483c6d62d4df1df88a64118ce" ); - exit; - } - - // Check sha1sum - - if ( isset( $asset['sha1sum'] ) ) { - - $provided_sha1sum = $asset['sha1sum']; - - $provided_sha1sum = filter_var($provided_sha1sum, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - if ( !preg_match('/^[0-9a-f]{40}$/i', $provided_sha1sum) ) { - logextra( "The format of the sha1sum is invalid $provided_sha1sum" ); - naughty( "e30c8db8a7e07ba69ef18f957f3e8843" ); - } - - $sha1sum = $provided_sha1sum; - logextra( "Found Valid \$sha1sum: $sha1sum" ); - } - else { - logextra( "No sha1sum provided" ); - naughty( "cd3d303dbefec08016d567080116ef77" ); - exit; } - // Check mime_type + header('Content-Type: application/json'); + header("Content-disposition: inline; filename=hpr_stats.json"); - if ( isset( $asset['mime_type'] ) ) { - - $provided_mime_type = $asset['mime_type']; - - $provided_mime_type = filter_var($provided_mime_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - if ( !preg_match('/^[\w-]+\/[\w-]+(?:;\s*[\w-]+=[\w-]+)*$/i', $provided_mime_type) ) { - logextra( "The format of the mime_type is invalid \"$provided_mime_type\"" ); - naughty( "b36041a7d959730a9a541404db3b5025" ); - } - - list($content_type, $charset_type) = explode('; charset=', $provided_mime_type); - - if ( !isset( $content_type ) ) { - logextra( "Can't find content_type in \"$provided_mime_type\"" ); - naughty( "c28ac580f5281ab2d97cbf052c92a25c" ); - } + echo json_encode($asset_array); - if ( empty( $content_type ) ) { - logextra( "Empty content_type in \"$provided_mime_type\"" ); - naughty( "fcec6e4039bc60daede3434e24c97a9f" ); - } - - if (!in_array( $content_type, $allowed_content_type, true )) { - logextra( "This content_type \"$content_type\", is not in the list of allowed_extensions" ); - naughty("4f29dcd2b3ef7efc5c4bc65be7a787ca"); - } - - if ( !isset( $charset_type ) ) { - logextra( "Can't find charset_type in \"$provided_mime_type\"" ); - naughty( "" ); - } - - if ( empty( $charset_type ) ) { - logextra( "Empty charset_type in \"$provided_mime_type\"" ); - naughty( "" ); - } - - $allowed_charset_type = array( "binary", "us-ascii", "utf-8"); - if (!in_array( $charset_type, $allowed_charset_type, true )) { - logextra( "This charset_type \"$charset_type\", is not in the list of allowed_extensions" ); - naughty(""); - } - - $mime_type = $provided_mime_type; - logextra( "Found Valid \$mime_type: $mime_type" ); - } - else { - logextra( "No mime_type provided" ); - naughty( "0c85eb982665a4978fea8f85611fbe88" ); - exit; - } - - // Check file_type - - if ( isset( $asset['file_type'] ) ) { - $provided_file_type = $asset['file_type']; - - $provided_file_type = filter_var($provided_file_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); - - if ( strlen($provided_file_type) < 5 ) { - logextra( "The length of \"$provided_file_type\" is less than 5" ); - naughty("60839aaddc82e0fbe4f5da269c361cf6"); - } - - if ( strlen($provided_file_type) > 140 ) { - logextra( "The length of \"$provided_file_type\" is greater than 140" ); - naughty("cafbb1b0c9955b92303fe34102890fa3"); - } - - $file_type = $provided_file_type; - logextra( "Found Valid \$file_type: $file_type" ); - } - else { - logextra( "No file_type provided" ); - naughty( "a1b6a02d68533f9749da16164cbe704e" ); - exit; - } - - // Write values to db - - //$episode_id is a number - $filename = mysqli_real_escape_string( $connection, $filename ); - $extension = mysqli_real_escape_string( $connection, $extension ); - //$size is a number - $sha1sum = mysqli_real_escape_string( $connection, $sha1sum ); - $mime_type = mysqli_real_escape_string( $connection, $mime_type ); - $file_type = mysqli_real_escape_string( $connection, $file_type ); - - $query_replace = "REPLACE INTO assets VALUES ('$episode_id','{$filename}','{$extension}','$size','{$sha1sum}','{$mime_type}','{$file_type}')"; - - $result = mysqli_query($connection, $query_replace ); - if(!$result) { - problem("ERROR: DB problem - The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db."); - } - else{ - logextra( "mysql_query.result: \"$result\"\n" ); - } - if (mysqli_errno( $connection )) { - $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; - problem("ERROR: MySQL error- The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db.\n$error"); - } - - logextra( "Finished ." ); } -http_response_code(200); + +function executePOST() { + + //Make sure that the content type of the POST request has been set to application/json + $contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : ''; + if(strcasecmp($contentType, 'application/json') != 0){ + throw new Exception('Content type must be: application/json'); + } + + //Receive the RAW post data. + $content = trim(file_get_contents("php://input")); + + //Attempt to decode the incoming RAW post data from JSON. + $decoded = json_decode($content, true); + + //If json_decode failed, the JSON is invalid. + if(!is_array($decoded)){ + logextra( "Received content contained invalid JSON!" ); + problem( "0e0e69415750c96f19d234f83270fdea" ); + } + + foreach($decoded['assets'] as $asset) { + global $connection, $allowed_extensions, $allowed_content_type; + + // Check episode_id + + if ( isset( $asset['episode_id'] ) ) { + + $provided_episode_id = $asset['episode_id']; + + $provided_episode_id = filter_var($provided_episode_id, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + + $result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;'); + if (!isset($result)) { + logextra( "Can't connect to db" ); + problem( "4c85d7b9e1d2eb741cdb60fd9f97b852" ); + die('Could not query:' . mysqli_error()); + } + + $maxhost_array = mysqli_fetch_row( $result ); + $maxhost = $maxhost_array[0]; + $num_get_args=0; + foreach($_GET as $k => $v) { + ++$num_get_args; + } + + if (strval(intval($provided_episode_id)) != strval($provided_episode_id)) { + logextra( "ID is not a valid number because strval(intval($provided_episode_id)) != strval($provided_episode_id))" ); + problem( "b2babb5bebde79e08ddf3c780c56615d" ); + } + + if ( intval($provided_episode_id) <= 0 ){ + logextra( "ID is not a valid number because intval($provided_episode_id) <= 0" ); + problem( "b245522d0582e61612e8b7dcdb0e0f4c" ); + } + + if ( intval($provided_episode_id) > $maxhost ){ + logextra( "ID is not a valid number because intval($provided_episode_id) > $maxhost" ); + problem( "c6feadcf0b6eda204cbfba6824aa2c7a" ); + } + + if ( $num_get_args > 1 ){ + logextra( "ID is not a valid number because \$num_get_args: $num_get_args > 1" ); + problem( "ba22518c5ced567cd0b855206985f036" ); + } + + $query = "SELECT id FROM eps WHERE id = '$provided_episode_id'"; + $result = @mysqli_query($connection, $query); + if($result === FALSE) { + logextra( "No result returned for this query \"SELECT id FROM eps WHERE id = '$provided_episode_id'\"" ); + problem( "fa0778750519cb140b4076c844b3ec78" ); + } + else { + $db = mysqli_fetch_array($result, MYSQLI_ASSOC); + if ( empty($db["id"]) ) { + logextra( "No result returned for this id:\"${id}\"" ); + problem( "1e09df9f3896da3e80507ea4538a4aca" ); + } + } + $episode_id = $provided_episode_id; + logextra( "Found Valid \$episode_id: $episode_id" ); + + } + else { + logextra( "No episode_id provided" ); + problem( "eae535cc88680a5bdab4e7bb4e54d83e" ); + exit; + } + + // Check filename + + if ( isset( $asset['filename'] ) ) { + $provided_filename = $asset['filename']; + + $provided_filename = filter_var($provided_filename, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + + $this_dirname = dirname("$provided_filename", 2); + if ( empty($this_dirname) ) { + logextra( "no dirname" ); + problem("b23ed28377cf4cf36cbf01931377ddc7"); + } + + if ( $this_dirname === "/" ) { + logextra( "dirname is root" ); + problem("b90228a9c4d008eab57304bd36b75a08"); + } + + $this_basename = basename($provided_filename); + if ( empty($this_basename) ) { + logextra( "Cound not extract basename from filename: $provided_filename" ); + problem("44b5022e3a32605c6b0afdf7699ed153"); + } + + if ( $this_basename !== $provided_filename ) { + logextra( "filename: $provided_filename does not match name:$this_basename" ); + problem("832f0283544692bd6691e3802e67099c"); + } + + $this_ext = pathinfo($provided_filename, PATHINFO_EXTENSION); + if ( empty($this_ext) ) { + logextra( "The extension for \"$provided_filename\" is empty" ); + problem("63166ba6572ac51b47804d9787152903"); + } + + $this_prefix =pathinfo($provided_filename, PATHINFO_FILENAME); + if ( empty($this_prefix) ) { + logextra( "The prefix for \"$provided_filename\" is empty" ); + problem("9ad9a6b9e47e6960ff30442c3c808609"); + } + + if ( strlen($provided_filename) < 5 ) { + logextra( "The length of \"$provided_filename\" is less than 5" ); + problem("e131ae01530f4098c299aaca0a6ee8e1"); + } + + if ( strlen($provided_filename) > 60 ) { + logextra( "The length of \"$provided_filename\" is greater than 60" ); + problem("d90560ef4cac05954c93523d529ed20e"); + } + + if (!in_array( $this_ext, $allowed_extensions, true )) { + logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); + problem("dd98c84719083fb80fecbd0405504038 $this_ext"); + } + + $filename = $provided_filename; + logextra( "Found Valid \$filename: $filename" ); + } + else { + logextra( "No filename provided" ); + problem( "1edd3bcd2a16c152f0a97106372862f9" ); + exit; + } + + // Check extension + + if ( isset( $asset['extension'] ) ) { + $provided_extension = $asset['extension']; + + $provided_extension = filter_var($provided_extension, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + if ( $provided_extension !== $this_ext ) { + logextra( "The extensions provided \"$provided_extension\" and in the filename dont match \"$provided_filename\"" ); + problem("ed58e1493aa56e0eaf50362cc6f64425"); + } + + if (!in_array( $provided_extension, $allowed_extensions, true )) { + logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); + problem("dc406b9151871e38ac69c2bf44fa74da"); + } + $extension = $provided_extension; + logextra( "Found Valid \$extension: $extension" ); + } + else { + logextra( "No extension provided" ); + problem( "04b53ecd0ffa3faa68db1e541554903d" ); + exit; + } + + // Check size + + if ( isset( $asset['size'] ) ) { + + $provided_size = $asset['size']; + + $provided_size = filter_var($provided_size, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + + if (strval(intval($provided_size)) != strval($provided_size)) { + logextra( "The provided size is not a valid number because strval(intval($provided_size)) != strval($provided_size))" ); + problem( "cc349935f0d80b40d5593b0fd54eaf58" ); + } + + if ( intval($provided_size) <= 0 ){ + logextra( "The provided size is not a valid number because intval($provided_size) <= 0" ); + problem( "91c54771bcf68f974c9aa8959f953dd8" ); + } + + if ( intval($provided_size) > 3000000000 ){ + logextra( "The provided size is not a valid number because it's a lot larger than any show so far" ); + problem( "8c085ec045b062e3a864e6fc22fceee4" ); + } + + $size = $provided_size; + logextra( "Found Valid \$size: $size" ); + } + else { + logextra( "No size provided" ); + problem( "a6d661c483c6d62d4df1df88a64118ce" ); + exit; + } + + // Check sha1sum + + if ( isset( $asset['sha1sum'] ) ) { + + $provided_sha1sum = $asset['sha1sum']; + + $provided_sha1sum = filter_var($provided_sha1sum, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + if ( !preg_match('/^[0-9a-f]{40}$/i', $provided_sha1sum) ) { + logextra( "The format of the sha1sum is invalid $provided_sha1sum" ); + problem( "e30c8db8a7e07ba69ef18f957f3e8843" ); + } + + $sha1sum = $provided_sha1sum; + logextra( "Found Valid \$sha1sum: $sha1sum" ); + } + else { + logextra( "No sha1sum provided" ); + problem( "cd3d303dbefec08016d567080116ef77" ); + exit; + } + + // Check mime_type + + if ( isset( $asset['mime_type'] ) ) { + + $provided_mime_type = $asset['mime_type']; + + $provided_mime_type = filter_var($provided_mime_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + if ( !preg_match('/^[\w-]+\/[\w-]+(?:;\s*[\w-]+=[\w-]+)*$/i', $provided_mime_type) ) { + logextra( "The format of the mime_type is invalid \"$provided_mime_type\"" ); + problem( "b36041a7d959730a9a541404db3b5025" ); + } + + list($content_type, $charset_type) = explode('; charset=', $provided_mime_type); + + if ( !isset( $content_type ) ) { + logextra( "Can't find content_type in \"$provided_mime_type\"" ); + problem( "c28ac580f5281ab2d97cbf052c92a25c" ); + } + + if ( empty( $content_type ) ) { + logextra( "Empty content_type in \"$provided_mime_type\"" ); + problem( "fcec6e4039bc60daede3434e24c97a9f" ); + } + + if (!in_array( $content_type, $allowed_content_type, true )) { + logextra( "This content_type \"$content_type\", is not in the list of allowed_extensions" ); + problem("4f29dcd2b3ef7efc5c4bc65be7a787ca"); + } + + if ( !isset( $charset_type ) ) { + logextra( "Can't find charset_type in \"$provided_mime_type\"" ); + problem( "" ); + } + + if ( empty( $charset_type ) ) { + logextra( "Empty charset_type in \"$provided_mime_type\"" ); + problem( "" ); + } + + $allowed_charset_type = array( "binary", "us-ascii", "utf-8"); + if (!in_array( $charset_type, $allowed_charset_type, true )) { + logextra( "This charset_type \"$charset_type\", is not in the list of allowed_extensions" ); + problem(""); + } + + $mime_type = $provided_mime_type; + logextra( "Found Valid \$mime_type: $mime_type" ); + } + else { + logextra( "No mime_type provided" ); + problem( "0c85eb982665a4978fea8f85611fbe88" ); + exit; + } + + // Check file_type + + if ( isset( $asset['file_type'] ) ) { + $provided_file_type = $asset['file_type']; + + $provided_file_type = filter_var($provided_file_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); + + if ( strlen($provided_file_type) < 5 ) { + logextra( "The length of \"$provided_file_type\" is less than 5" ); + problem("60839aaddc82e0fbe4f5da269c361cf6"); + } + + if ( strlen($provided_file_type) > 140 ) { + logextra( "The length of \"$provided_file_type\" is greater than 140" ); + problem("cafbb1b0c9955b92303fe34102890fa3"); + } + + $file_type = $provided_file_type; + logextra( "Found Valid \$file_type: $file_type" ); + } + else { + logextra( "No file_type provided" ); + problem( "a1b6a02d68533f9749da16164cbe704e" ); + exit; + } + + // Write values to db + + //$episode_id is a number + $filename = mysqli_real_escape_string( $connection, $filename ); + $extension = mysqli_real_escape_string( $connection, $extension ); + //$size is a number + $sha1sum = mysqli_real_escape_string( $connection, $sha1sum ); + $mime_type = mysqli_real_escape_string( $connection, $mime_type ); + $file_type = mysqli_real_escape_string( $connection, $file_type ); + + $query_replace = "REPLACE INTO assets VALUES ('$episode_id','{$filename}','{$extension}','$size','{$sha1sum}','{$mime_type}','{$file_type}')"; + + $result = mysqli_query($connection, $query_replace ); + if(!$result) { + problem("ERROR: DB problem - The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db."); + } + else{ + logextra( "mysql_query.result: \"$result\"\n" ); + } + if (mysqli_errno( $connection )) { + $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; + problem("ERROR: MySQL error- The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db.\n$error"); + } + + logextra( "Finished ." ); + } + + http_response_code(200); +} + ?>