mirror of
https://github.com/AzuraCast/AzuraCast.git
synced 2024-06-12 12:24:33 +00:00
Add in security checks to flow.
This commit is contained in:
parent
084d916346
commit
4d06a20630
|
@ -58,6 +58,8 @@ class Flow
|
|||
$chunkBaseDir = sys_get_temp_dir() . '/uploads/' . $flowIdentifier;
|
||||
$chunkPath = $chunkBaseDir . '/' . $flowIdentifier . '.part' . $flowChunkNumber;
|
||||
|
||||
$currentChunkSize = (int)$this->request->getParam('flowCurrentChunkSize', 0);
|
||||
|
||||
$targetSize = $this->request->getParam('flowTotalSize', 0);
|
||||
$targetChunks = (int)$this->request->getParam('flowTotalChunks', 0);
|
||||
|
||||
|
@ -65,7 +67,9 @@ class Flow
|
|||
if ($this->request->isGet()) {
|
||||
|
||||
// Force a reupload of the last chunk if all chunks are uploaded, to trigger processing below.
|
||||
if ($flowChunkNumber !== $targetChunks && file_exists($chunkPath)) {
|
||||
if ($flowChunkNumber !== $targetChunks
|
||||
&& file_exists($chunkPath)
|
||||
&& filesize($chunkPath) == $currentChunkSize) {
|
||||
return $this->response->withStatus(200, 'OK');
|
||||
} else {
|
||||
return $this->response->withStatus(204, 'No Content');
|
||||
|
@ -86,6 +90,10 @@ class Flow
|
|||
@mkdir($chunkBaseDir, 0777, true);
|
||||
}
|
||||
|
||||
if ($file->getSize() !== $currentChunkSize) {
|
||||
throw new \App\Exception('File size of '.$file->getSize().' does not match expected size of '.$currentChunkSize);
|
||||
}
|
||||
|
||||
$file->moveTo($chunkPath);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user