mirror of
https://github.com/openvk/openvk
synced 2024-12-23 00:51:03 +03:00
Fix bugs in photos.getUploadServer and photos.save
This commit is contained in:
parent
79ae72f15a
commit
3db545f91a
2 changed files with 6 additions and 5 deletions
|
@ -61,7 +61,7 @@ final class Photos extends VKAPIRequestHandler
|
||||||
}
|
}
|
||||||
|
|
||||||
return (object) [
|
return (object) [
|
||||||
"upload_url" => $this->getPhotoUploadUrl("photo", isset($club) ? 0 : $club->getId()),
|
"upload_url" => $this->getPhotoUploadUrl("photo", !isset($club) ? 0 : $club->getId()),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -99,20 +99,21 @@ final class VKAPIPresenter extends OpenVKPresenter
|
||||||
|
|
||||||
function renderPhotoUpload(string $signature): void
|
function renderPhotoUpload(string $signature): void
|
||||||
{
|
{
|
||||||
$secret = CHANDLER_ROOT_CONF["security"]["secret"];
|
$secret = CHANDLER_ROOT_CONF["security"]["secret"];
|
||||||
$computedSignature = hash_hmac("sha3-224", $_SERVER["QUERY_STRING"], $secret);
|
$queryString = rawurldecode($_SERVER["QUERY_STRING"]);
|
||||||
|
$computedSignature = hash_hmac("sha3-224", $queryString, $secret);
|
||||||
if(!(strlen($signature) == 56 && sodium_memcmp($signature, $computedSignature) == 0)) {
|
if(!(strlen($signature) == 56 && sodium_memcmp($signature, $computedSignature) == 0)) {
|
||||||
header("HTTP/1.1 422 Unprocessable Entity");
|
header("HTTP/1.1 422 Unprocessable Entity");
|
||||||
exit("Try harder <3");
|
exit("Try harder <3");
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = unpack("vDOMAIN/Z10FIELD/vMF/vMP/PTIME/PUSER/PGROUP", base64_decode($_SERVER["QUERY_STRING"]));
|
$data = unpack("vDOMAIN/Z10FIELD/vMF/vMP/PTIME/PUSER/PGROUP", base64_decode($queryString));
|
||||||
if((time() - $data["TIME"]) > 600) {
|
if((time() - $data["TIME"]) > 600) {
|
||||||
header("HTTP/1.1 422 Unprocessable Entity");
|
header("HTTP/1.1 422 Unprocessable Entity");
|
||||||
exit("Expired");
|
exit("Expired");
|
||||||
}
|
}
|
||||||
|
|
||||||
$folder = __DIR__ . "../../tmp/api-storage/photos";
|
$folder = __DIR__ . "/../../tmp/api-storage/photos";
|
||||||
$maxSize = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFileSize"];
|
$maxSize = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFileSize"];
|
||||||
$maxFiles = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFilesPerDomain"];
|
$maxFiles = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFilesPerDomain"];
|
||||||
$usrFiles = sizeof(glob("$folder/$data[USER]_*.oct"));
|
$usrFiles = sizeof(glob("$folder/$data[USER]_*.oct"));
|
||||||
|
|
Loading…
Reference in a new issue