Fix bugs in photos.getUploadServer and photos.save

celestora 2023-07-12 20:49:55 +03:00
parent 79ae72f15a
commit 3db545f91a
2 changed files with 6 additions and 5 deletions


@ -61,7 +61,7 @@ final class Photos extends VKAPIRequestHandler
} }
return (object) [ return (object) [
"upload_url" => $this->getPhotoUploadUrl("photo", isset($club) ? 0 : $club->getId()), "upload_url" => $this->getPhotoUploadUrl("photo", !isset($club) ? 0 : $club->getId()),
]; ];
} }


@ -99,20 +99,21 @@ final class VKAPIPresenter extends OpenVKPresenter
function renderPhotoUpload(string $signature): void function renderPhotoUpload(string $signature): void
{ {
$secret = CHANDLER_ROOT_CONF["security"]["secret"]; $secret = CHANDLER_ROOT_CONF["security"]["secret"];
$computedSignature = hash_hmac("sha3-224", $_SERVER["QUERY_STRING"], $secret); $queryString = rawurldecode($_SERVER["QUERY_STRING"]);
$computedSignature = hash_hmac("sha3-224", $queryString, $secret);
if(!(strlen($signature) == 56 && sodium_memcmp($signature, $computedSignature) == 0)) { if(!(strlen($signature) == 56 && sodium_memcmp($signature, $computedSignature) == 0)) {
header("HTTP/1.1 422 Unprocessable Entity"); header("HTTP/1.1 422 Unprocessable Entity");
exit("Try harder <3"); exit("Try harder <3");
} }
$data = unpack("vDOMAIN/Z10FIELD/vMF/vMP/PTIME/PUSER/PGROUP", base64_decode($_SERVER["QUERY_STRING"])); $data = unpack("vDOMAIN/Z10FIELD/vMF/vMP/PTIME/PUSER/PGROUP", base64_decode($queryString));
if((time() - $data["TIME"]) > 600) { if((time() - $data["TIME"]) > 600) {
header("HTTP/1.1 422 Unprocessable Entity"); header("HTTP/1.1 422 Unprocessable Entity");
exit("Expired"); exit("Expired");
} }
$folder = __DIR__ . "../../tmp/api-storage/photos"; $folder = __DIR__ . "/../../tmp/api-storage/photos";
$maxSize = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFileSize"]; $maxSize = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFileSize"];
$maxFiles = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFilesPerDomain"]; $maxFiles = OPENVK_ROOT_CONF["openvk"]["preferences"]["uploads"]["api"]["maxFilesPerDomain"];
$usrFiles = sizeof(glob("$folder/$data[USER]_*.oct")); $usrFiles = sizeof(glob("$folder/$data[USER]_*.oct"));
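Review bot: The upload token is parsed without checking that decoding succeeded: `base64_decode($queryString)` runs in non-strict mode, and the result of `unpack()` is indexed as `$data["TIME"]` and `$data[USER]` without a `false` check. The HMAC comparison above should already reject anything the server did not issue, so this is defence in depth, but a strict decode makes the failure path explicit, e.g. `$raw = base64_decode($queryString, true);` followed by a 422 response when `$raw === false` or `unpack()` returns `false`. Because the signature is now computed over the `rawurldecode`d query string, a short comment saying that the signing side (presumably `getPhotoUploadUrl`, not shown here) must sign exactly this string would keep the two ends in sync. The length check plus `sodium_memcmp` could also be reduced to `hash_equals($computedSignature, $signature)`, which is constant-time and handles a wrong-length input by returning `false`. `renderPhotoUpload` continues past the end of this hunk.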