From 3e334aec23d96820fba1844989ae37020d30d3e5 Mon Sep 17 00:00:00 2001
From: Foltik
Date: Sun, 14 Aug 2016 22:36:10 -0400
Subject: [PATCH] Fix files not being added to database when uploading by API key
---
 includes/nav.swig | 2 +-
 templates/upload.swig | 61 ++++++++++++++++++++++++++++-----------------------
 2 files changed, 35 insertions(+), 28 deletions(-)
diff --git a/includes/nav.swig b/includes/nav.swig
index f6f7ab6..d689234 100644
--- a/includes/nav.swig
+++ b/includes/nav.swig
@@ -6,4 +6,4 @@
  • FAQ
  • Logout
• - +
\ No newline at end of file
diff --git a/templates/upload.swig b/templates/upload.swig
index 05c3122..9dc393a 100644
--- a/templates/upload.swig
+++ b/templates/upload.swig
@@ -77,6 +77,13 @@ function uploadFile($file)
 }
 }
+ if ($file->size > {{max_upload_size}} * 1048576) {
+ throw new Exception(
+ 'File too large',
+ 500
+ );
+ }
+ // Check if a file with the same hash and size (a file which is the same)
 // does already exist in the database; if it does, return the proper link
@@ -87,7 +94,7 @@ function uploadFile($file)
 $q->bindValue(':size', $file->size);
 $q->execute();
 $result = $q->fetch();
- if ($result['count'] > 0) {
+ if ($result['count'] > 0) {024024024
 return array(
 'hash' => $file->getSha1(),
 'name' => $file->name,
@@ -127,8 +134,14 @@ function uploadFile($file)
 $result = $q->fetch();
 $user = result['user'];
 $q = $db->prepare('INSERT INTO files (hash, originalname, filename, size, date, ' .
- 'expire, delid) VALUES (:hash, :orig, :name, :size, :date, ' .
- ':exp, :del, :user)');
+ 'expire, delid, user) VALUES (:hash, :orig, :name, :size, :date, ' .
+ ':exp, :del, :user)');
 if (!isset($_POST['apikey']) && isset($_SESSION['user'])) {
+ $q = $db->prepare('SELECT apikey FROM accounts WHERE user = (:user)');
+ $q->bindValue(':user', $_SESSION['user']);
+ $q->execute();
+ $result = $q->fetch();
+ $apikey = $result['apikey'];
+ }
 $q->bindValue(':user', $user);
 } else {
 // Otherwise just use session data
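Review bot: The new size guard throws with code 500, and the catch block at the bottom of this file forwards `$e->getCode()` straight into `$response->error(...)`, so an oversize upload is reported to the client as a server error; a client-side status fits better, `throw new Exception('File too large', 413);`. `{{max_upload_size}}` appears to be expanded by the template engine into PHP source before execution, so a non-numeric template value would change the generated code rather than just the limit — presumably it comes from server configuration, but a comment such as `// {{max_upload_size}} is substituted at render time (MiB)` would make that dependency visible to the next reader. uploadFile begins and continues outside this hunk.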
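Review bot: The rewritten line `if ($result['count'] > 0) {024024024` carries stray characters after the opening brace, which leaves an integer literal with no terminating semicolon in front of `return array(` and makes the whole file fail to parse. The line should read exactly as the removed one, `if ($result['count'] > 0) {`, so this hunk can be dropped from the commit altogether. uploadFile begins and continues outside this hunk.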
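Review bot: The added block reassigns `$q` to the `SELECT apikey` statement inside `if (!isset($_POST['apikey']) && isset($_SESSION['user']))`, discarding the `INSERT INTO files` statement prepared two lines earlier, so the following `$q->bindValue(':user', $user)` and the insert's `execute()` (outside the hunk) operate on the wrong statement and the session-login path still would not add the file to the database. The added `+ }` also closes that `if` before the context line `$q->bindValue(':user', $user);`, leaving the `} else {` below without a matching `if`, which is a parse error. The lookup should use its own statement and row variables (sketched below), and since `$apikey` is not read anywhere in the hunk it is worth confirming against the rest of uploadFile whether this query is needed here at all. The context line `$user = result['user'];` is missing the `$` sigil on `result`, a pre-existing defect on the same path. uploadFile's body continues outside the hunk.
```php
if (!isset($_POST['apikey']) && isset($_SESSION['user'])) {
    // Separate statement so the prepared INSERT held in $q is not overwritten
    $keyQuery = $db->prepare('SELECT apikey FROM accounts WHERE user = (:user)');
    $keyQuery->bindValue(':user', $_SESSION['user']);
    $keyQuery->execute();
    $keyRow = $keyQuery->fetch();
    $apikey = $keyRow['apikey'];
    $q->bindValue(':user', $user);
} else {
    // … unchanged: session-data branch …
```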
@@ -189,33 +202,27 @@ $type = isset($_GET['output']) ? $_GET['output'] : 'json';
 $response = new Response($type);
 if (isset($_FILES['files'])) {
- if (!isset($_POST['apikey']) && isset($_SESSION['user'])) {
- $q = $db->prepare('SELECT apikey FROM accounts WHERE user = (:user)');
- $q->bindValue(':user', $_SESSION['user']);
- $q->execute();
- $result = $q->fetch();
- $apikey = $result['apikey'];
- }
-
- if (isset($_POST['apikey'])) {
- $q = $db->prepare('SELECT user FROM accounts WHERE apikey = (:apikey)');
- $q->bindValue(':apikey', $_POST['apikey']);
- $q->execute();
- if ($q->rowCount() == 0) {
- $response->error(500, 'Invalid API Key');
- return;
+ if (isset($_POST['apikey]) || isset($_SESSION['id'])) {
+ if (isset($_POST['apikey'])) {
+ $q = $db->prepare('SELECT user FROM accounts WHERE apikey = (:apikey)');
+ $q->bindValue(':apikey', $_POST['apikey']);
+ $q->execute();
+ if ($q->rowCount() == 0) {
+ $response->error(500, 'Invalid API Key');
+ return;
+ }
 }
- }
- }
- $uploads = refiles($_FILES['files']);
+ $uploads = refiles($_FILES['files']);
- try {
- foreach ($uploads as $upload) {
- $res[] = uploadFile($upload);
- }
- $response->send($res);
- } catch (Exception $e) {
- $response->error($e->getCode(), $e->getMessage());
+ try {
+ foreach ($uploads as $upload) {
+ $res[] = uploadFile($upload);
+ }
+ $response->send($res);
+ } catch (Exception $e) {
+ $response->error($e->getCode(), $e->getMessage());
+ }
 }
 } else {
 $response->error(400, 'No input file(s)');
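Review bot: The new outer condition `if (isset($_POST['apikey]) || isset($_SESSION['id'])) {` has an unterminated string literal (`'apikey]`), so the file no longer parses; it should read `if (isset($_POST['apikey']) || isset($_SESSION['id'])) {`. That condition tests `$_SESSION['id']` while the removed code and the session branch in uploadFile test `$_SESSION['user']`; unless both keys are always set together, a logged-in user could fail this check, so the key should be made consistent. When neither an API key nor a session is present the new `if` has no `else`, so the request finishes without any response being sent, whereas the removed code went on to upload; if rejecting anonymous uploads is the intent, an explicit branch such as `} else { $response->error(401, 'Authentication required'); }` would make that visible to the client.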