Merge branch 'master' of https://github.com/HaschekSolutions/pictshare

2025-11-19 14:38:00 +00:00 · 2019-08-21 21:06:08 +02:00
parent 75124102cb 515e034d91
commit 82f97479ff
6 changed files with 107 additions and 2 deletions
--- a/api/upload.php
+++ b/api/upload.php
@@ -21,6 +21,10 @@ if(!isFolderWritable(ROOT.DS.'data'))
 else if(!isFolderWritable(ROOT.DS.'tmp'))
    exit(json_encode(array('status'=>'err','reason'=>'Temp directory not writable')));

+// check if client has permission to upload
+if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
+    exit(json_encode(array('status'=>'err','reason'=> 'Access denied')));
+
 $hash = sanatizeString(trim($_REQUEST['hash']))?sanatizeString(trim($_REQUEST['hash'])):false;

 // check for POST upload
--- a/inc/core.php
+++ b/inc/core.php
@@ -24,6 +24,12 @@ function architect($url)
    //just show the site
    if( ( (!defined('UPLOAD_FORM_LOCATION') || (defined('UPLOAD_FORM_LOCATION') && !UPLOAD_FORM_LOCATION)) && count($u)==0) || (defined('UPLOAD_FORM_LOCATION') && UPLOAD_FORM_LOCATION && '/'.implode('/',$u)==UPLOAD_FORM_LOCATION) )
    {
+        // check if client address is allowed
+        if(defined('ALLOWED_SUBNET') && !isIPInRange( getUserIP(), ALLOWED_SUBNET ))
+        {
+            header("HTTP/1.1 401 Unauthorized");
+            exit;
+        }
        renderTemplate('main');
        return;
    }
@@ -501,3 +507,24 @@ function deleteHash($hash)
        }
    }
 }
+
+/**
+ * Check if a given ip is in a network
+ * @param  string $ip    IP to check in IPV4 format eg. 127.0.0.1
+ * @param  string $range IP/CIDR netmask eg. 127.0.0.0/24, also 127.0.0.1 is accepted and /32 assumed
+ * @return boolean true if the ip is in this range / false if not.
+ * via https://gist.github.com/tott/7684443
+ */
+function isIPInRange( $ip, $range ) {
+    if ( strpos( $range, '/' ) == false )
+    {
+        $range .= '/32';
+    }
+    // $range is in IP/CIDR format eg 127.0.0.1/24
+    list( $range, $netmask ) = explode( '/', $range, 2 );
+    $range_decimal = ip2long( $range );
+    $ip_decimal = ip2long( $ip );
+    $wildcard_decimal = pow( 2, ( 32 - $netmask ) ) - 1;
+    $netmask_decimal = ~ $wildcard_decimal;
+    return ( ( $ip_decimal & $netmask_decimal ) == ( $range_decimal & $netmask_decimal ) );
+}
--- a/inc/example.config.inc.php
+++ b/inc/example.config.inc.php
@@ -12,3 +12,4 @@ define('URL','https://dev.pictshare.net/');
 //define('JPEG_COMPRESSION', 90);
 //define('FFMPEG_BINARY','');
 //define('ALT_FOLDER','/ftp/pictshare');
+//define('ALLOWED_SUBNET','192.168.0.0/24');
--- a/rtfm/API.md
+++ b/rtfm/API.md
@@ -37,6 +37,25 @@ Answer from the server:
 {"status":"ok","hash":"y1b6hr.jpg","url":"https://pictshare.net/y1b6hr.jpg"}
 ```

+2. Uploading from the commandline using alias, requires `jq` package for json response decoding
+
+Put this in your `.bashrc` or `.zshrc`:
+```
+pict () {
+    curl -s -F "file=@${1:--}" https://pictshare.net/api/upload.php | jq -r '.url';
+}
+```
+
+Usage:
+```
+$ cat path/to/image.jpg | pict
+```
+
+Repsonse:
+```
+https://pictshare.net/y1b6hr.jpg
+```
+
 # geturl.php

 - URL https://pictshare.net/api/geturl.php
@@ -100,6 +119,25 @@ Answer from the server:
 }
 ```

+3. Uploading from the commandline using alias, requires `jq` package for json response decoding
+
+Put this in your `.bashrc` or `.zshrc`:
+```
+pictget () {
+    curl -s "hhttps://pictshare.net/api/geturl.php?url=$1" | jq -r '.url';
+}
+```
+
+Usage:
+```
+$ pictget https://i.imgur.com/qQstLQt.mp4
+```
+
+Repsonse:
+```
+https://pictshare.net/u0ni1m.mp4
+```
+
 ---

 # pasetebin.php
--- a/rtfm/CONFIG.md
+++ b/rtfm/CONFIG.md
@@ -12,6 +12,7 @@
 | MASTER_DELETE_CODE      | string  | If set, this code will be accepted to delete any image by adding "delete_yourmasterdeletecode" to any image |
 | MASTER_DELETE_IP        | IP addr | If set, allows deletion of image no matter what delete code you provided if request is coming from this single IP |
 | UPLOAD_FORM_LOCATION    | string  | If set, will only show the upload form if this url is requested. eg if you set it to /secret/upload then you only see the form if you go to http://your.pictshare.server/secret/upload but bare in mind that the uploads [via API](/rtfm/API.md) will still work for anyone|
+| ALLOWED_SUBNET          | IP addr | If set, will only show the upload form and allow to upload via API if request is coming from this subnet |
 | UPLOAD_QUOTA (NOT IMPLEMENTED)            | int     | Size in MB. If set, will only allow uploads if combined size of uploads on Server is smaller than this value. Does not account for ALT_FOLDER data and resized versions of original uploads won't be added to calculation |
 | UPLOAD_CODE (NOT IMPLEMENTED             | string  | If set, all uploads require this code via GET or POST variable "uploadcode" or upload will fail |
 | MAX_RESIZED_IMAGES (NOT IMPLEMENTED      | string  | If set, limits count of resized images/videos per file on server |
--- a/rtfm/MODIFIERS.md
+++ b/rtfm/MODIFIERS.md
@@ -0,0 +1,34 @@
+## Images
+
+### Resize
+```
+/800x600/d8c01b45a6.png
+```
+
+width x height
+
+### Rotate
+```
+/upside|left|right/d8c01b45a6.png
+```
+
+* `upside`: 180°
+* `left`: 90°
+* `right`: -90°
+
+### WebP conversion
+```
+/webp/d8c01b45a6.jpeg
+```
+
+### Gif to mp4
+```
+/mp4/d8c01b45a6.gif
+```
+
+### Filters
+```
+/filter/d8c01b45a6.png
+```
+
+[See available filters](IMAGEFILTERS.md)