diff --git a/hub/ccdn.php b/hub/ccdn.php
new file mode 100644
index 0000000..4264f91
--- /dev/null
+++ b/hub/ccdn.php
@@ -0,0 +1,92 @@
+ request_confirm.php > upload.php > upload_confirm.php
+require "/home/hpr/php/include.php";
+
+$ip = $_SERVER["REMOTE_ADDR"];
+
+if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
+ naughty("34522f7b9ba88b319afa9f063b98905c");
+}
+
+if ( empty($_SERVER["REMOTE_ADDR"]) ) {
+ naughty("021dbd5f91f40918ea68fd0ca1a2e381");
+}
+
+if ( count($_GET) !== 1 ) {
+ naughty("f5df1c0d9accb7868e601b60cf2f5c06");
+}
+
+if ( isset($_GET["filename"]) ) {
+
+ $filename = $_GET["filename"];
+ if ( empty($filename) ) {
+ naughty("ef50f1353583f371903daba3abc9b3a4");
+ }
+
+ $filename = filter_var($filename, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW|FILTER_FLAG_STRIP_HIGH);
+
+ $dirname = dirname("$filename", 2);
+ if ( empty($dirname) ) {
+ naughty("71b6b14eef459e0404311257dad8ffe4");
+ }
+
+ if ( $dirname === "/" ) {
+ naughty("9e342e30b911e1ac3c5e831a6da6116b");
+ }
+
+ if ( !(
+ strcmp($dirname, "/correspondents") === 0 or
+ strcmp($dirname, "/eps") === 0 or
+ strcmp($dirname, "/series") === 0 )
+ ) {
+ naughty("f157a8f5fedc7282c7a6469931223dbf");
+ }
+
+ $name = basename($filename); // To get file name
+ if ( empty($name) ) {
+ naughty("27ece7c2dba5caa5885ef40737270fd3");
+ }
+
+ $ext = pathinfo($filename, PATHINFO_EXTENSION); // To get extension
+ if ( empty($ext) ) {
+ naughty("c6a4329fe2f3c2c739ec666e956c2c5f");
+ }
+
+ $prefix =pathinfo($filename, PATHINFO_FILENAME); // File name without extension
+ if ( empty($prefix) ) {
+ naughty("f398399ec10ec9ab4b5b23ae43f21b01");
+ }
+
+
+ if ( strlen($filename) < 5 ) {
+ naughty("f78bf180af9239fc7fcf5fbc2b13b59b");
+ }
+
+ if ( strlen($filename) > 60 ) {
+ naughty("38e9a0cf7f650ac62e75c08269c9d913");
+ }
+
+ if ( !(
+ strcmp($ext, "flac") === 0 or
+ strcmp($ext, "jpg") === 0 or
+ strcmp($ext, "json") === 0 or
+ strcmp($ext, "mp3") === 0 or
+ strcmp($ext, "ogg") === 0 or
+ strcmp($ext, "opus") === 0 or
+ strcmp($ext, "png") === 0 or
+ strcmp($ext, "spx") === 0 or
+ strcmp($ext, "srt") === 0 or
+ strcmp($ext, "tsv") === 0 or
+ strcmp($ext, "txt") === 0 or
+ strcmp($ext, "vtt") === 0 )
+ ) {
+ naughty("545e49f7ac913863c6c3db40670ebb9d");
+ }
+}
+else {
+ naughty("0b78322e1c5010ba289c20250ca1fb1f");
+}
+
+header("location:https://alpha.nl.eu.mirror.hackerpublicradio.org${filename}");
+
+?>
diff --git a/www/rss.php b/www/rss.php
index ac46d8d..10d7444 100644
--- a/www/rss.php
+++ b/www/rss.php
@@ -60,11 +60,6 @@ switch ($atomurl) {
 $mimetype = "audio/mpeg";
 $feed = "tenday";
 break;
- case "/rss1.php":
- $format = "spx";
- $mimetype = "audio/ogg";
- $feed = "tenday";
- break;
 }
 require "/home/hpr/php/include.php";
@@ -237,20 +232,8 @@ if ($result = mysqli_query($connection, $query)) {
 else{
 $episode_explicit = "Explicit";
 }
- $url="http://hackerpublicradio.org/eps/hpr${id}${version}";
- if (isset($_GET['hostidinfilename'])) {
- $hostidinfilename = $_GET['hostidinfilename'];
- if ( $hostidinfilename === "1" ) {
- $url = $url . "_host-" . htmlspecialchars(stripslashes(strip_tags($row["hostid"])));
- }
- }
- if ( isset($_GET['seriesidinfilename']) ) {
- $seriesidinfilename = $_GET['seriesidinfilename'];
- if ( $seriesidinfilename === "1" ) {
- $url = $url . "_series-" . htmlspecialchars(stripslashes(strip_tags($row["series"])));
- }
- }
- $url = $url . "." . $format;
+
+ $url="https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr${id}/hpr${id}.${format}";
 $itunes_summary = htmlspecialchars(stripslashes(strip_tags(substr($row["notes"],0,4000))));
 if ( $html == 1 ) {
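Review bot: In hub/ccdn.php the directory allow-list built on `dirname("$filename", 2)` is a pure string comparison, so a value containing `..` segments, or `?`, `#` or `%`, can still satisfy it and the extension test, and the final `header("location:…${filename}")` would then point the client at a path on the mirror outside `/correspondents`, `/eps` and `/series`. Reject those characters before the `dirname()` call, for example `if ( strpos($filename, "..") !== false or strpbrk($filename, "?#%\\") !== false ) { naughty("<new-error-id>"); }` (the id is a placeholder). Every check also relies on `naughty()`, defined in `include.php` outside this diff, ending the request; if it can return, the redirect still runs with an unvalidated or undefined `$filename`, so either add `exit;` after the calls or state that contract in a comment above the first check. `"${filename}"` is the interpolation form deprecated as of PHP 8.2; `{$filename}` is the equivalent spelling.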
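Review bot: In www/rss.php the new `$url` line puts `$id` and `$format` unescaped into the `filename` query value, while hub/ccdn.php in this same commit calls `naughty()` for any request without exactly one GET parameter and a path of the expected shape, so an unexpected character in `$id` would publish enclosure links that the redirector rejects. `$id` is assigned outside this hunk, so confirm it is digits-only there, and record the coupling next to the assignment with a comment such as `// must match the path and extension checks in hub/ccdn.php`. The line also stops honouring `${version}` and the `hostidinfilename`/`seriesidinfilename` request options with no note for feed consumers who passed them; that looks intentional but is worth stating in the commit message. `"${id}"` is the interpolation form deprecated as of PHP 8.2, and `{$id}` / `{$format}` are equivalent. The enclosing `if ($result = …)` block starts and ends outside the hunk.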