diff options
author | Peter Wu <peter@lekensteyn.nl> | 2014-03-31 17:52:05 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2014-03-31 17:52:05 +0200 |
commit | 28d9c654389b7b2a3e9c79c9369181f1b7c3da81 (patch) | |
tree | 72ba620d0aad0105a505ee96e85e9b11219e1410 | |
parent | 50164e335254bdf6200db421835fc34cc5a291c2 (diff) | |
download | scripts-28d9c654389b7b2a3e9c79c9369181f1b7c3da81.tar.gz |
tmp-upload: do not output HTML for wget or curl
-rwxr-xr-x | tmp-upload | 29 |
1 files changed, 25 insertions, 4 deletions
@@ -41,6 +41,10 @@ function get_mime_type($file) { $url = urldecode($_SERVER['REQUEST_URI']); +/* treat non-browser programs specially, do not output HTML for them */ +$userAgent = explode("/", filter_input(INPUT_SERVER, "HTTP_USER_AGENT"))[0]; +$text_only = in_array($userAgent, array("curl", "Wget")); + /* Simply returning false causes PHP to parse (index).php. Unwanted, * therefore serve it here. First check whether the path is within the * current working directory, then whether the file exists or not. */ @@ -100,6 +104,7 @@ if (is_dir($path)) { $msg = ""; if (isset($_FILES["file"]["name"]) && is_array($_FILES["file"]["name"])) { + // file[] array upload $upload = $_FILES["file"]; for ($i=0; $i<count($_FILES["file"]["name"]); $i++) { $upload = array(); @@ -107,8 +112,11 @@ if (isset($_FILES["file"]["name"]) && is_array($_FILES["file"]["name"])) { $upload[$key] = $vals[$i]; } $res = saveUpload($upload); - if ($res) $msg .= "$res<br>\n"; + if ($res) $msg .= "$res\n"; } +} else if (isset($_FILES["file"]["name"])) { + // single file upload + saveUpload($_FILES["file"]); } function saveUpload($upload) { global $relDir; @@ -130,9 +138,9 @@ function saveUpload($upload) { $is_dupe = file_equals($filename, $upload["tmp_name"], $upload["size"]); } if ($is_dupe) { - $msg = "Uploaded file is a duplicate of " . htmlspecialchars($filename); + $msg = "Uploaded file is a duplicate of " . $filename; } else if (move_uploaded_file($upload["tmp_name"], $filename)) { - $msg = "File is saved as " . htmlspecialchars($filename); + $msg = "File is saved as " . $filename; error_log(sprintf("upload %s", $filename)); } else { $msg = "File could not be saved."; @@ -140,6 +148,17 @@ function saveUpload($upload) { } return $msg; } + +if ($text_only) { + header("Content-Type: text/plain"); + if ($msg) { + echo $msg; + } else { + echo "Usage: curl -F file=@input.txt ...\n"; + } + exit; +} + ?> <!doctype html> <meta charset="UTF-8"> @@ -149,7 +168,9 @@ function saveUpload($upload) { <input type="submit" value="Upload"> </form> <?php -if ($msg) echo "<p>$msg</p>"; +if ($msg) { + printf("<p>%s</p>", nl2br(htmlspecialchars($msg)), false); +} ?> <hr> |