From 3db545f91acd742eb842cf7b3aa1e62b20a4c520 Mon Sep 17 00:00:00 2001
From: celestora <kitsuruko@gmail.com>
Date: Wed, 12 Jul 2023 20:49:55 +0300
Subject: [PATCH] Fix bugs in photos.getUploadServer and photos.save

---
 VKAPI/Handlers/Photos.php         | 2 +-
 Web/Presenters/VKAPIPresenter.php | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/VKAPI/Handlers/Photos.php b/VKAPI/Handlers/Photos.php
index 4ab56832..e3e9abac 100644
--- a/VKAPI/Handlers/Photos.php
+++ b/VKAPI/Handlers/Photos.php
@@ -61,7 +61,7 @@ final class Photos extends VKAPIRequestHandler
         }
 
         return (object) [
-            "upload_url" => $this->getPhotoUploadUrl("photo", isset($club) ? 0 : $club->getId()),
+            "upload_url" => $this->getPhotoUploadUrl("photo", !isset($club) ? 0 : $club->getId()),
         ];
     }
 
diff --git a/Web/Presenters/VKAPIPresenter.php b/Web/Presenters/VKAPIPresenter.php
index 5767a0c5..431379c5 100644
--- a/Web/Presenters/VKAPIPresenter.php
+++ b/Web/Presenters/VKAPIPresenter.php
@@ -99,20 +99,21 @@ final class VKAPIPresenter extends OpenVKPresenter
 
     function renderPhotoUpload(string $signature): void
     {
-        $secret = CHANDLER_ROOT_CONF["security"]["secret"];
-        $computedSignature = hash_hmac("sha3-224", $_SERVER["QUERY_STRING"], $secret);
+        $secret            = CHANDLER_ROOT_CONF["security"]["secret"];
+        $queryString       = rawurldecode($_SERVER["QUERY_STRING"]);
+        $computedSignature = hash_hmac("sha3-224", $queryString, $secret);
         if(!(strlen($signature) == 56 && sodium_memcmp($signature, $computedSignature) == 0)) {
             header("HTTP/1.1 422 Unprocessable Entity");
             exit("Try harder <3");
         }
 
-        $data = unpack("vDOMAIN/Z10FIELD/vMF/vMP/PTIME/PUSER/PGROUP", base64_decode($_SERVER["QUERY_STRING"]));
+        $data = unpack("vDOMAIN/Z10FIELD/vMF/vMP/PTIME/PUSER/PGROUP", base64_decode($queryString));
         if((time() - $data["TIME"]) > 600) {
             header("HTTP/1.1 422 Unprocessable Entity");
             exit("Expired");
         }
 
-        $folder   = __DIR__ . "../../tmp/api-storage/photos";
+        $folder   = __DIR__ . "/../../tmp/api-storage/photos";
         $maxSize  = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFileSize"];
         $maxFiles = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFilesPerDomain"];
         $usrFiles = sizeof(glob("$folder/$data[USER]_*.oct"));