kdmurrayhpr/hpr_hub
0
0
Fork 0
forked from HPR/hpr_hub
Code Pull Requests Activity

The show processing needs to be refactored #5

Browse Source
This commit is contained in:
Ken Fallon
2025-01-17 21:57:22 +01:00
parent 1a748c01f6
commit 70fe1cac27
1 changed files with 391 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
cms/assets.php
View File

@@ -5,13 +5,102 @@
require "/home/hpr/php/include.php"; require "/home/hpr/php/include.php";
date_default_timezone_set('UTC');
// curl --netrc-file $HOME/.netrc --verbose --request POST https://hub.hackerpublicradio.org/cms/assets.php --data-ascii @assets.json --header "Content-Type: application/json" // curl --netrc-file $HOME/.netrc --verbose --request POST https://hub.hackerpublicradio.org/cms/assets.php --data-ascii @assets.json --header "Content-Type: application/json"
//Make sure that it is a POST request. //Make sure that it is a POST request.
if(strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0){ if ( strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0 && strcasecmp($_SERVER['REQUEST_METHOD'], 'GET') != 0 ){
throw new Exception('Request method must be POST!'); throw new Exception('Request method must be POST!');
} }
if ( strcasecmp($_SERVER['REQUEST_METHOD'], 'GET') == 0 ){
executeGET();
}
if ( strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0 ){
executePOST();
}
function executeGET() {
global $connection;
$asset_array = array ();
if (isset($_GET['id'])) {
$id = $_GET['id'];
$result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;');
if (!isset($result)) {
logextra( "unable to execute SELECT MAX(id) FROM eps;" );
problem( "2f1497d7734f5dc7ce04e1a343cbd4cb" );
die('Could not query:' . mysqli_error());
}
$maxhost_array = mysqli_fetch_row( $result );
$maxhost = $maxhost_array[0];
$num_get_args=0;
foreach($_GET as $k => $v) {
++$num_get_args;
}
if ( (strval(intval($id)) != strval($id)) OR ( intval($id) <= 0 ) OR ( intval($id) > $maxhost ) OR ( $num_get_args > 1 ) ){
logextra( "The id \"$id\" is not valid." );
problem( "6b070390632e12a962338d2e31464f9f" );
exit;
}
$query = "SELECT id FROM eps WHERE id = '$id'";
$result = @mysqli_query($connection, $query);
if($result === FALSE) {
logextra( "Cud not run SELECT id FROM eps WHERE id = $id" );
problem( "568dff032398640456d749135358a88b" );
}
else {
$db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["id"]) ) {
logextra( "The \"$id\" is not in the database" );
http_response_code(404);
die();
}
}
$ep_retrieve = "SELECT episode_id, filename, extension, `size`, sha1sum, mime_type
FROM assets
WHERE episode_id = '$id'
ORDER BY episode_id ASC;";
}
else {
$ep_retrieve = "SELECT episode_id, filename, extension, `size`, sha1sum, mime_type
FROM assets
ORDER BY episode_id ASC;";
}
if ($result = mysqli_query($connection, $ep_retrieve)) {
while ($row = mysqli_fetch_array($result)) {
$episode_id = $row['episode_id'];
$filename = $row['filename'];
$extension = $row['extension'];
$size = $row['size'];
$sha1sum = $row['sha1sum'];
$mime_type = $row['mime_type'];
$asset_array["hpr$episode_id"][$filename] = array (
"episode_id" => $episode_id,
"filename" => $filename,
"extension" => $extension,
"size" => $size,
"sha1sum" => $sha1sum,
"mime_type" => $mime_type
);
}
}
header('Content-Type: application/json');
header("Content-disposition: inline; filename=hpr_stats.json");
echo json_encode($asset_array);
}
function executePOST() {
//Make sure that the content type of the POST request has been set to application/json //Make sure that the content type of the POST request has been set to application/json
$contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : ''; $contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : '';
if(strcasecmp($contentType, 'application/json') != 0){ if(strcasecmp($contentType, 'application/json') != 0){
@@ -27,10 +116,11 @@ $decoded = json_decode($content, true);
//If json_decode failed, the JSON is invalid. //If json_decode failed, the JSON is invalid.
if(!is_array($decoded)){ if(!is_array($decoded)){
logextra( "Received content contained invalid JSON!" ); logextra( "Received content contained invalid JSON!" );
naughty( "0e0e69415750c96f19d234f83270fdea" ); problem( "0e0e69415750c96f19d234f83270fdea" );
} }
foreach($decoded['assets'] as $asset) { foreach($decoded['assets'] as $asset) {
global $connection, $allowed_extensions, $allowed_content_type;
// Check episode_id // Check episode_id
@@ -43,7 +133,7 @@ foreach($decoded['assets'] as $asset) {
$result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;'); $result = mysqli_query($connection, 'SELECT MAX(id) FROM eps;');
if (!isset($result)) { if (!isset($result)) {
logextra( "Can't connect to db" ); logextra( "Can't connect to db" );
naughty( "4c85d7b9e1d2eb741cdb60fd9f97b852" ); problem( "4c85d7b9e1d2eb741cdb60fd9f97b852" );
die('Could not query:' . mysqli_error()); die('Could not query:' . mysqli_error());
} }
@@ -56,35 +146,35 @@ foreach($decoded['assets'] as $asset) {
if (strval(intval($provided_episode_id)) != strval($provided_episode_id)) { if (strval(intval($provided_episode_id)) != strval($provided_episode_id)) {
logextra( "ID is not a valid number because strval(intval($provided_episode_id)) != strval($provided_episode_id))" ); logextra( "ID is not a valid number because strval(intval($provided_episode_id)) != strval($provided_episode_id))" );
naughty( "b2babb5bebde79e08ddf3c780c56615d" ); problem( "b2babb5bebde79e08ddf3c780c56615d" );
} }
if ( intval($provided_episode_id) <= 0 ){ if ( intval($provided_episode_id) <= 0 ){
logextra( "ID is not a valid number because intval($provided_episode_id) <= 0" ); logextra( "ID is not a valid number because intval($provided_episode_id) <= 0" );
naughty( "b245522d0582e61612e8b7dcdb0e0f4c" ); problem( "b245522d0582e61612e8b7dcdb0e0f4c" );
} }
if ( intval($provided_episode_id) > $maxhost ){ if ( intval($provided_episode_id) > $maxhost ){
logextra( "ID is not a valid number because intval($provided_episode_id) > $maxhost" ); logextra( "ID is not a valid number because intval($provided_episode_id) > $maxhost" );
naughty( "c6feadcf0b6eda204cbfba6824aa2c7a" ); problem( "c6feadcf0b6eda204cbfba6824aa2c7a" );
} }
if ( $num_get_args > 1 ){ if ( $num_get_args > 1 ){
logextra( "ID is not a valid number because \$num_get_args: $num_get_args > 1" ); logextra( "ID is not a valid number because \$num_get_args: $num_get_args > 1" );
naughty( "ba22518c5ced567cd0b855206985f036" ); problem( "ba22518c5ced567cd0b855206985f036" );
} }
$query = "SELECT id FROM eps WHERE id = '$provided_episode_id'"; $query = "SELECT id FROM eps WHERE id = '$provided_episode_id'";
$result = @mysqli_query($connection, $query); $result = @mysqli_query($connection, $query);
if($result === FALSE) { if($result === FALSE) {
logextra( "No result returned for this query \"SELECT id FROM eps WHERE id = '$provided_episode_id'\"" ); logextra( "No result returned for this query \"SELECT id FROM eps WHERE id = '$provided_episode_id'\"" );
naughty( "fa0778750519cb140b4076c844b3ec78" ); problem( "fa0778750519cb140b4076c844b3ec78" );
} }
else { else {
$db = mysqli_fetch_array($result, MYSQLI_ASSOC); $db = mysqli_fetch_array($result, MYSQLI_ASSOC);
if ( empty($db["id"]) ) { if ( empty($db["id"]) ) {
logextra( "No result returned for this id:\"${id}\"" ); logextra( "No result returned for this id:\"${id}\"" );
naughty( "1e09df9f3896da3e80507ea4538a4aca" ); problem( "1e09df9f3896da3e80507ea4538a4aca" );
} }
} }
$episode_id = $provided_episode_id; $episode_id = $provided_episode_id;
@@ -93,7 +183,7 @@ foreach($decoded['assets'] as $asset) {
} }
else { else {
logextra( "No episode_id provided" ); logextra( "No episode_id provided" );
naughty( "eae535cc88680a5bdab4e7bb4e54d83e" ); problem( "eae535cc88680a5bdab4e7bb4e54d83e" );
exit; exit;
} }
@@ -107,50 +197,50 @@ foreach($decoded['assets'] as $asset) {
$this_dirname = dirname("$provided_filename", 2); $this_dirname = dirname("$provided_filename", 2);
if ( empty($this_dirname) ) { if ( empty($this_dirname) ) {
logextra( "no dirname" ); logextra( "no dirname" );
naughty("b23ed28377cf4cf36cbf01931377ddc7"); problem("b23ed28377cf4cf36cbf01931377ddc7");
} }
if ( $this_dirname === "/" ) { if ( $this_dirname === "/" ) {
logextra( "dirname is root" ); logextra( "dirname is root" );
naughty("b90228a9c4d008eab57304bd36b75a08"); problem("b90228a9c4d008eab57304bd36b75a08");
} }
$this_basename = basename($provided_filename); $this_basename = basename($provided_filename);
if ( empty($this_basename) ) { if ( empty($this_basename) ) {
logextra( "Cound not extract basename from filename: $provided_filename" ); logextra( "Cound not extract basename from filename: $provided_filename" );
naughty("44b5022e3a32605c6b0afdf7699ed153"); problem("44b5022e3a32605c6b0afdf7699ed153");
} }
if ( $this_basename !== $provided_filename ) { if ( $this_basename !== $provided_filename ) {
logextra( "filename: $provided_filename does not match name:$this_basename" ); logextra( "filename: $provided_filename does not match name:$this_basename" );
naughty("832f0283544692bd6691e3802e67099c"); problem("832f0283544692bd6691e3802e67099c");
} }
$this_ext = pathinfo($provided_filename, PATHINFO_EXTENSION); $this_ext = pathinfo($provided_filename, PATHINFO_EXTENSION);
if ( empty($this_ext) ) { if ( empty($this_ext) ) {
logextra( "The extension for \"$provided_filename\" is empty" ); logextra( "The extension for \"$provided_filename\" is empty" );
naughty("63166ba6572ac51b47804d9787152903"); problem("63166ba6572ac51b47804d9787152903");
} }
$this_prefix =pathinfo($provided_filename, PATHINFO_FILENAME); $this_prefix =pathinfo($provided_filename, PATHINFO_FILENAME);
if ( empty($this_prefix) ) { if ( empty($this_prefix) ) {
logextra( "The prefix for \"$provided_filename\" is empty" ); logextra( "The prefix for \"$provided_filename\" is empty" );
naughty("9ad9a6b9e47e6960ff30442c3c808609"); problem("9ad9a6b9e47e6960ff30442c3c808609");
} }
if ( strlen($provided_filename) < 5 ) { if ( strlen($provided_filename) < 5 ) {
logextra( "The length of \"$provided_filename\" is less than 5" ); logextra( "The length of \"$provided_filename\" is less than 5" );
naughty("e131ae01530f4098c299aaca0a6ee8e1"); problem("e131ae01530f4098c299aaca0a6ee8e1");
} }
if ( strlen($provided_filename) > 60 ) { if ( strlen($provided_filename) > 60 ) {
logextra( "The length of \"$provided_filename\" is greater than 60" ); logextra( "The length of \"$provided_filename\" is greater than 60" );
naughty("d90560ef4cac05954c93523d529ed20e"); problem("d90560ef4cac05954c93523d529ed20e");
} }
if (!in_array( $this_ext, $allowed_extensions, true )) { if (!in_array( $this_ext, $allowed_extensions, true )) {
logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); logextra( "This extension $this_ext, is not in the list of allowed_extensions" );
naughty("dd98c84719083fb80fecbd0405504038 $this_ext"); problem("dd98c84719083fb80fecbd0405504038 $this_ext");
} }
$filename = $provided_filename; $filename = $provided_filename;
@@ -158,7 +248,7 @@ foreach($decoded['assets'] as $asset) {
} }
else { else {
logextra( "No filename provided" ); logextra( "No filename provided" );
naughty( "1edd3bcd2a16c152f0a97106372862f9" ); problem( "1edd3bcd2a16c152f0a97106372862f9" );
exit; exit;
} }
@@ -170,19 +260,19 @@ foreach($decoded['assets'] as $asset) {
$provided_extension = filter_var($provided_extension, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); $provided_extension = filter_var($provided_extension, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
if ( $provided_extension !== $this_ext ) { if ( $provided_extension !== $this_ext ) {
logextra( "The extensions provided \"$provided_extension\" and in the filename dont match \"$provided_filename\"" ); logextra( "The extensions provided \"$provided_extension\" and in the filename dont match \"$provided_filename\"" );
naughty("ed58e1493aa56e0eaf50362cc6f64425"); problem("ed58e1493aa56e0eaf50362cc6f64425");
} }
if (!in_array( $provided_extension, $allowed_extensions, true )) { if (!in_array( $provided_extension, $allowed_extensions, true )) {
logextra( "This extension $this_ext, is not in the list of allowed_extensions" ); logextra( "This extension $this_ext, is not in the list of allowed_extensions" );
naughty("dc406b9151871e38ac69c2bf44fa74da"); problem("dc406b9151871e38ac69c2bf44fa74da");
} }
$extension = $provided_extension; $extension = $provided_extension;
logextra( "Found Valid \$extension: $extension" ); logextra( "Found Valid \$extension: $extension" );
} }
else { else {
logextra( "No extension provided" ); logextra( "No extension provided" );
naughty( "04b53ecd0ffa3faa68db1e541554903d" ); problem( "04b53ecd0ffa3faa68db1e541554903d" );
exit; exit;
} }
@@ -196,17 +286,17 @@ foreach($decoded['assets'] as $asset) {
if (strval(intval($provided_size)) != strval($provided_size)) { if (strval(intval($provided_size)) != strval($provided_size)) {
logextra( "The provided size is not a valid number because strval(intval($provided_size)) != strval($provided_size))" ); logextra( "The provided size is not a valid number because strval(intval($provided_size)) != strval($provided_size))" );
naughty( "cc349935f0d80b40d5593b0fd54eaf58" ); problem( "cc349935f0d80b40d5593b0fd54eaf58" );
} }
if ( intval($provided_size) <= 0 ){ if ( intval($provided_size) <= 0 ){
logextra( "The provided size is not a valid number because intval($provided_size) <= 0" ); logextra( "The provided size is not a valid number because intval($provided_size) <= 0" );
naughty( "91c54771bcf68f974c9aa8959f953dd8" ); problem( "91c54771bcf68f974c9aa8959f953dd8" );
} }
if ( intval($provided_size) > 3000000000 ){ if ( intval($provided_size) > 3000000000 ){
logextra( "The provided size is not a valid number because it's a lot larger than any show so far" ); logextra( "The provided size is not a valid number because it's a lot larger than any show so far" );
naughty( "8c085ec045b062e3a864e6fc22fceee4" ); problem( "8c085ec045b062e3a864e6fc22fceee4" );
} }
$size = $provided_size; $size = $provided_size;
@@ -214,7 +304,7 @@ foreach($decoded['assets'] as $asset) {
} }
else { else {
logextra( "No size provided" ); logextra( "No size provided" );
naughty( "a6d661c483c6d62d4df1df88a64118ce" ); problem( "a6d661c483c6d62d4df1df88a64118ce" );
exit; exit;
} }
@@ -227,7 +317,7 @@ foreach($decoded['assets'] as $asset) {
$provided_sha1sum = filter_var($provided_sha1sum, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); $provided_sha1sum = filter_var($provided_sha1sum, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
if ( !preg_match('/^[0-9a-f]{40}$/i', $provided_sha1sum) ) { if ( !preg_match('/^[0-9a-f]{40}$/i', $provided_sha1sum) ) {
logextra( "The format of the sha1sum is invalid $provided_sha1sum" ); logextra( "The format of the sha1sum is invalid $provided_sha1sum" );
naughty( "e30c8db8a7e07ba69ef18f957f3e8843" ); problem( "e30c8db8a7e07ba69ef18f957f3e8843" );
} }
$sha1sum = $provided_sha1sum; $sha1sum = $provided_sha1sum;
@@ -235,7 +325,7 @@ foreach($decoded['assets'] as $asset) {
} }
else { else {
logextra( "No sha1sum provided" ); logextra( "No sha1sum provided" );
naughty( "cd3d303dbefec08016d567080116ef77" ); problem( "cd3d303dbefec08016d567080116ef77" );
exit; exit;
} }
@@ -248,40 +338,40 @@ foreach($decoded['assets'] as $asset) {
$provided_mime_type = filter_var($provided_mime_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH); $provided_mime_type = filter_var($provided_mime_type, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
if ( !preg_match('/^[\w-]+\/[\w-]+(?:;\s*[\w-]+=[\w-]+)*$/i', $provided_mime_type) ) { if ( !preg_match('/^[\w-]+\/[\w-]+(?:;\s*[\w-]+=[\w-]+)*$/i', $provided_mime_type) ) {
logextra( "The format of the mime_type is invalid \"$provided_mime_type\"" ); logextra( "The format of the mime_type is invalid \"$provided_mime_type\"" );
naughty( "b36041a7d959730a9a541404db3b5025" ); problem( "b36041a7d959730a9a541404db3b5025" );
} }
list($content_type, $charset_type) = explode('; charset=', $provided_mime_type); list($content_type, $charset_type) = explode('; charset=', $provided_mime_type);
if ( !isset( $content_type ) ) { if ( !isset( $content_type ) ) {
logextra( "Can't find content_type in \"$provided_mime_type\"" ); logextra( "Can't find content_type in \"$provided_mime_type\"" );
naughty( "c28ac580f5281ab2d97cbf052c92a25c" ); problem( "c28ac580f5281ab2d97cbf052c92a25c" );
} }
if ( empty( $content_type ) ) { if ( empty( $content_type ) ) {
logextra( "Empty content_type in \"$provided_mime_type\"" ); logextra( "Empty content_type in \"$provided_mime_type\"" );
naughty( "fcec6e4039bc60daede3434e24c97a9f" ); problem( "fcec6e4039bc60daede3434e24c97a9f" );
} }
if (!in_array( $content_type, $allowed_content_type, true )) { if (!in_array( $content_type, $allowed_content_type, true )) {
logextra( "This content_type \"$content_type\", is not in the list of allowed_extensions" ); logextra( "This content_type \"$content_type\", is not in the list of allowed_extensions" );
naughty("4f29dcd2b3ef7efc5c4bc65be7a787ca"); problem("4f29dcd2b3ef7efc5c4bc65be7a787ca");
} }
if ( !isset( $charset_type ) ) { if ( !isset( $charset_type ) ) {
logextra( "Can't find charset_type in \"$provided_mime_type\"" ); logextra( "Can't find charset_type in \"$provided_mime_type\"" );
naughty( "" ); problem( "" );
} }
if ( empty( $charset_type ) ) { if ( empty( $charset_type ) ) {
logextra( "Empty charset_type in \"$provided_mime_type\"" ); logextra( "Empty charset_type in \"$provided_mime_type\"" );
naughty( "" ); problem( "" );
} }
$allowed_charset_type = array( "binary", "us-ascii", "utf-8"); $allowed_charset_type = array( "binary", "us-ascii", "utf-8");
if (!in_array( $charset_type, $allowed_charset_type, true )) { if (!in_array( $charset_type, $allowed_charset_type, true )) {
logextra( "This charset_type \"$charset_type\", is not in the list of allowed_extensions" ); logextra( "This charset_type \"$charset_type\", is not in the list of allowed_extensions" );
naughty(""); problem("");
} }
$mime_type = $provided_mime_type; $mime_type = $provided_mime_type;
@@ -289,7 +379,7 @@ foreach($decoded['assets'] as $asset) {
} }
else { else {
logextra( "No mime_type provided" ); logextra( "No mime_type provided" );
naughty( "0c85eb982665a4978fea8f85611fbe88" ); problem( "0c85eb982665a4978fea8f85611fbe88" );
exit; exit;
} }
@@ -302,12 +392,12 @@ foreach($decoded['assets'] as $asset) {
if ( strlen($provided_file_type) < 5 ) { if ( strlen($provided_file_type) < 5 ) {
logextra( "The length of \"$provided_file_type\" is less than 5" ); logextra( "The length of \"$provided_file_type\" is less than 5" );
naughty("60839aaddc82e0fbe4f5da269c361cf6"); problem("60839aaddc82e0fbe4f5da269c361cf6");
} }
if ( strlen($provided_file_type) > 140 ) { if ( strlen($provided_file_type) > 140 ) {
logextra( "The length of \"$provided_file_type\" is greater than 140" ); logextra( "The length of \"$provided_file_type\" is greater than 140" );
naughty("cafbb1b0c9955b92303fe34102890fa3"); problem("cafbb1b0c9955b92303fe34102890fa3");
} }
$file_type = $provided_file_type; $file_type = $provided_file_type;
@@ -315,7 +405,7 @@ foreach($decoded['assets'] as $asset) {
} }
else { else {
logextra( "No file_type provided" ); logextra( "No file_type provided" );
naughty( "a1b6a02d68533f9749da16164cbe704e" ); problem( "a1b6a02d68533f9749da16164cbe704e" );
exit; exit;
} }
@@ -347,5 +437,7 @@ foreach($decoded['assets'] as $asset) {
} }
http_response_code(200); http_response_code(200);
}
?> ?>