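<?php
/**
 * upload.php
 *
 * Copyright 2009, Moxiecode Systems AB
 * Released under GPL License.
 *
 * License: http://www.plupload.com/license
 * Contributing: http://www.plupload.com/contributing
 */

// Server-side Plupload handler adapted to WordPress: it locates wp-load.php,
// stores each uploaded chunk as "<name>.part" inside the current WordPress
// upload directory and renames the file once the last chunk has arrived.
// Every response is a JSON-RPC style string emitted through die().

// HTTP headers for no cache etc
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// Settings
// Walk up the directory tree (at most 12 levels) until wp-load.php is found.
$start_path = "../wp-load.php";
$di = 0;
while (!file_exists($start_path) && $di < 12) {
    $start_path = "../" . $start_path;
    $di++;
}
if (!file_exists($start_path) || !@include($start_path))
    throw new Exception("Failed to include 'wp-load.php'");

// NOTE(review): nothing in this script checks who is calling it. Once
// WordPress is loaded the request goes straight on to writing a file, so any
// client that can reach this URL can upload. Confirm the plugin's intended
// audience and gate the handler accordingly (for example is_user_logged_in()
// / current_user_can('upload_files') together with a nonce check).

$upload_dir = wp_upload_dir();
// Trailing separators are stripped so the joins below do not produce "//".
$targetDir = rtrim($upload_dir['path'], '/\\');

$cleanupTargetDir = true; // Remove old files
$maxFileAge = 5 * 3600; // Temp file age in seconds

// 5 minutes execution time
@set_time_limit(5 * 60);

// Uncomment this one to fake upload time
// usleep(5000);

// Get parameters
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';

// Clean the fileName for security reasons
$fileName = preg_replace('/[^\w\._]+/', '_', $fileName);

// The character filter above keeps dots, so a request could still name the
// file "something.php" (or send an empty or dot-only name). Accept only names
// whose extension is on WordPress' allowed upload type list.
// wp_check_filetype() appears to look at the final extension only, so the
// upload directory should additionally be configured so that the web server
// never executes scripts from it.
$fileType = wp_check_filetype($fileName);
if (empty($fileType['ext']) || empty($fileType['type']))
    die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "File type is not allowed."}, "id" : "id"}');

// Make sure the fileName is unique but only if chunking is disabled
if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
    // The type check above guarantees the name contains a dot.
    $ext = strrpos($fileName, '.');
    $fileName_a = substr($fileName, 0, $ext);
    $fileName_b = substr($fileName, $ext);

    $count = 1;
    while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b))
        $count++;

    $fileName = $fileName_a . '_' . $count . $fileName_b;
}

$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;

// Create target dir
if (!file_exists($targetDir))
    @mkdir($targetDir);

// Remove old temp files
if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
    while (($file = readdir($dir)) !== false) {
        $tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;

        // Remove temp file if it is older than the max age and is not the current file
        if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge) && ($tmpfilePath != "{$filePath}.part")) {
            @unlink($tmpfilePath);
        }
    }

    closedir($dir);
} else
    die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');

// Look for the content type header. Start from an empty string so the
// strpos() below never reads an undefined variable when neither is present.
$contentType = '';
if (isset($_SERVER["HTTP_CONTENT_TYPE"]))
    $contentType = $_SERVER["HTTP_CONTENT_TYPE"];

if (isset($_SERVER["CONTENT_TYPE"]))
    $contentType = $_SERVER["CONTENT_TYPE"];

// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
$isMultipart = strpos($contentType, "multipart") !== false;
if ($isMultipart) {
    // Only accept a path PHP itself registered as an HTTP upload.
    if (!isset($_FILES['file']['tmp_name']) || !is_uploaded_file($_FILES['file']['tmp_name']))
        die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');

    $sourcePath = $_FILES['file']['tmp_name'];
} else {
    $sourcePath = "php://input";
}

// Open temp file: the first chunk truncates it, later chunks append.
$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
if (!$out)
    die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');

// Read binary input stream and append it to temp file
$in = fopen($sourcePath, "rb");
if (!$in) {
    fclose($out);
    die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}

// stream_copy_to_stream() replaces the former `while ($buff = fread(...))`
// loop, which stopped early when a read returned the single byte "0"
// (a falsy string in PHP).
stream_copy_to_stream($in, $out);
fclose($in);
fclose($out);

if ($isMultipart)
    @unlink($_FILES['file']['tmp_name']);

// Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) {
    // Strip the temp .part suffix off
    rename("{$filePath}.part", $filePath);
}

// Return JSON-RPC response
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');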
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
result: Runtime error time: 0.02s memory: 13064 kB signal: -1
Fatal error: Uncaught exception 'Exception' with message 'Failed to include 'wp-load.php'' in /home/sAHBeS/prog.php:29 Stack trace: #0 {main} thrown in /home/sAHBeS/prog.php on line 29


