$v) { ++$num_get_args; } if (strval(intval($provided_episode_id)) != strval($provided_episode_id)) { logextra( "ID is not a valid number because strval(intval($provided_episode_id)) != strval($provided_episode_id))" ); naughty( "b2babb5bebde79e08ddf3c780c56615d" ); } if ( intval($provided_episode_id) <= 0 ){ logextra( "ID is not a valid number because intval($provided_episode_id) <= 0" ); naughty( "b245522d0582e61612e8b7dcdb0e0f4c" ); } if ( intval($provided_episode_id) > $maxhost ){ logextra( "ID is not a valid number because intval($provided_episode_id) > $maxhost" ); naughty( "c6feadcf0b6eda204cbfba6824aa2c7a" ); } if ( $num_get_args > 1 ){ logextra( "ID is not a valid number because \$num_get_args: $num_get_args > 1" ); naughty( "ba22518c5ced567cd0b855206985f036" ); } $query = "SELECT id FROM eps WHERE id = '$provided_episode_id'"; $result = @mysqli_query($connection, $query); if($result === FALSE) { logextra( "No result returned for this query \"SELECT id FROM eps WHERE id = '$provided_episode_id'\"" ); naughty( "fa0778750519cb140b4076c844b3ec78" ); } else { $db = mysqli_fetch_array($result, MYSQLI_ASSOC); if ( empty($db["id"]) ) { logextra( "No result returned for this id:\"${id}\"" ); naughty( "1e09df9f3896da3e80507ea4538a4aca" ); } } $episode_id = $provided_episode_id; logextra( "Found Valid \$episode_id: $episode_id" ); } else { logextra( "No episode_id provided" ); naughty( "eae535cc88680a5bdab4e7bb4e54d83e" ); exit; } // Check filename if ( isset( $asset['filename'] ) ) { $provided_filename = $asset['filename']; $provided_filename = filter_var($provided_filename, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); $this_dirname = dirname("$provided_filename", 2); if ( empty($this_dirname) ) { logextra( "no dirname" ); naughty("b23ed28377cf4cf36cbf01931377ddc7"); } if ( $this_dirname === "/" ) { logextra( "dirname is root" ); naughty("b90228a9c4d008eab57304bd36b75a08"); } $this_basename = basename($provided_filename); if ( empty($this_basename) ) { logextra( "Cound not extract basename from filename: $provided_filename" ); naughty("44b5022e3a32605c6b0afdf7699ed153"); } if ( $this_basename !== $provided_filename ) { logextra( "filename: $provided_filename does not match name:$this_basename" ); naughty("832f0283544692bd6691e3802e67099c"); } $this_ext = pathinfo($provided_filename, PATHINFO_EXTENSION); if ( empty($this_ext) ) { logextra( "The extension for \"$provided_filename\" is empty" ); naughty("63166ba6572ac51b47804d9787152903"); } $this_prefix =pathinfo($provided_filename, PATHINFO_FILENAME); if ( empty($this_prefix) ) { logextra( "The prefix for \"$provided_filename\" is empty" ); naughty("9ad9a6b9e47e6960ff30442c3c808609"); } if ( strlen($provided_filename) < 5 ) { logextra( "The length of \"$provided_filename\" is less than 5" ); naughty("e131ae01530f4098c299aaca0a6ee8e1"); } if ( strlen($provided_filename) > 60 ) { logextra( "The length of \"$provided_filename\" is greater than 60" ); naughty("d90560ef4cac05954c93523d529ed20e"); } if (!in_array( $this_ext, $allowed_extensions, true )) { logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); naughty("dd98c84719083fb80fecbd0405504038"); } $filename = $provided_filename; logextra( "Found Valid \$filename: $filename" ); } else { logextra( "No filename provided" ); naughty( "1edd3bcd2a16c152f0a97106372862f9" ); exit; } // Check extension if ( isset( $asset['extension'] ) ) { $provided_extension = $asset['extension']; $provided_extension = filter_var($provided_extension, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); if ( $provided_extension !== $this_ext ) { logextra( "The extensions provided \"$provided_extension\" and in the filename dont match \"$provided_filename\"" ); naughty("ed58e1493aa56e0eaf50362cc6f64425"); } if (!in_array( $provided_extension, $allowed_extensions, true )) { logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); naughty("dc406b9151871e38ac69c2bf44fa74da"); } $extension = $provided_extension; logextra( "Found Valid \$extension: $extension" ); } else { logextra( "No extension provided" ); naughty( "04b53ecd0ffa3faa68db1e541554903d" ); exit; } // Check size if ( isset( $asset['size'] ) ) { $provided_size = $asset['size']; $provided_size = filter_var($provided_size, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); if (strval(intval($provided_size)) != strval($provided_size)) { logextra( "The provided size is not a valid number because strval(intval($provided_size)) != strval($provided_size))" ); naughty( "cc349935f0d80b40d5593b0fd54eaf58" ); } if ( intval($provided_size) <= 0 ){ logextra( "The provided size is not a valid number because intval($provided_size) <= 0" ); naughty( "91c54771bcf68f974c9aa8959f953dd8" ); } if ( intval($provided_size) > 3000000000 ){ logextra( "The provided size is not a valid number because it's a lot larger than any show so far" ); naughty( "8c085ec045b062e3a864e6fc22fceee4" ); } $size = $provided_size; logextra( "Found Valid \$size: $size" ); } else { logextra( "No size provided" ); naughty( "a6d661c483c6d62d4df1df88a64118ce" ); exit; } // Check sha1sum if ( isset( $asset['sha1sum'] ) ) { $provided_sha1sum = $asset['sha1sum']; $provided_sha1sum = filter_var($provided_sha1sum, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); if ( !preg_match('/^[0-9a-f]{40}$/i', $provided_sha1sum) ) { logextra( "The format of the sha1sum is invalid $provided_sha1sum" ); naughty( "e30c8db8a7e07ba69ef18f957f3e8843" ); } $sha1sum = $provided_sha1sum; logextra( "Found Valid \$sha1sum: $sha1sum" ); } else { logextra( "No sha1sum provided" ); naughty( "cd3d303dbefec08016d567080116ef77" ); exit; } // Check mime_type if ( isset( $asset['mime_type'] ) ) { $provided_mime_type = $asset['mime_type']; $provided_mime_type = filter_var($provided_mime_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); if ( !preg_match('/^[\w-]+\/[\w-]+(?:;\s*[\w-]+=[\w-]+)*$/i', $provided_mime_type) ) { logextra( "The format of the mime_type is invalid \"$provided_mime_type\"" ); naughty( "b36041a7d959730a9a541404db3b5025" ); } list($content_type, $charset_type) = explode('; charset=', $provided_mime_type); if ( !isset( $content_type ) ) { logextra( "Can't find content_type in \"$provided_mime_type\"" ); naughty( "c28ac580f5281ab2d97cbf052c92a25c" ); } if ( empty( $content_type ) ) { logextra( "Empty content_type in \"$provided_mime_type\"" ); naughty( "fcec6e4039bc60daede3434e24c97a9f" ); } $allowed_content_type = array( "application/json", "application/octet-stream", "application/ogg", "audio/flac", "audio/mpeg", "audio/ogg", "audio/x-flac", "audio/x-wav", "image/jpeg", "image/png", "text/plain"); if (!in_array( $content_type, $allowed_content_type, true )) { logextra( "This content_type \"$content_type\", is not in the list of allowed_extensions" ); naughty("4f29dcd2b3ef7efc5c4bc65be7a787ca"); } if ( !isset( $charset_type ) ) { logextra( "Can't find charset_type in \"$provided_mime_type\"" ); naughty( "" ); } if ( empty( $charset_type ) ) { logextra( "Empty charset_type in \"$provided_mime_type\"" ); naughty( "" ); } $allowed_charset_type = array( "binary", "us-ascii", "utf-8"); if (!in_array( $charset_type, $allowed_charset_type, true )) { logextra( "This charset_type \"$charset_type\", is not in the list of allowed_extensions" ); naughty(""); } $mime_type = $provided_mime_type; logextra( "Found Valid \$mime_type: $mime_type" ); } else { logextra( "No mime_type provided" ); naughty( "0c85eb982665a4978fea8f85611fbe88" ); exit; } // Check file_type if ( isset( $asset['file_type'] ) ) { $provided_file_type = $asset['file_type']; $provided_file_type = filter_var($provided_file_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); if ( strlen($provided_file_type) < 5 ) { logextra( "The length of \"$provided_file_type\" is less than 5" ); naughty("60839aaddc82e0fbe4f5da269c361cf6"); } if ( strlen($provided_file_type) > 140 ) { logextra( "The length of \"$provided_file_type\" is greater than 140" ); naughty("cafbb1b0c9955b92303fe34102890fa3"); } $file_type = $provided_file_type; logextra( "Found Valid \$file_type: $file_type" ); } else { logextra( "No file_type provided" ); naughty( "a1b6a02d68533f9749da16164cbe704e" ); exit; } // Write values to db //$episode_id is a number $filename = mysqli_real_escape_string( $connection, $filename ); $extension = mysqli_real_escape_string( $connection, $extension ); //$size is a number $sha1sum = mysqli_real_escape_string( $connection, $sha1sum ); $mime_type = mysqli_real_escape_string( $connection, $mime_type ); $file_type = mysqli_real_escape_string( $connection, $file_type ); $query_replace = "REPLACE INTO assets VALUES ('$episode_id','{$filename}','{$extension}','$size','{$sha1sum}','{$mime_type}','{$file_type}')"; $result = mysqli_query($connection, $query_replace ); if(!$result) { problem("ERROR: DB problem - The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db."); } else{ logextra( "mysql_query.result: \"$result\"\n" ); } if (mysqli_errno( $connection )) { $error = "MySQL error ".mysqli_errno( $connection ).": ".mysqli_error()."\n"; problem("ERROR: MySQL error- The asset for \"$episode_id\" with filename of \"$filename\" was not added to the eps db.\n$error"); } logextra( "Finished ." ); } http_response_code(200); ?>