Patch was emailed to Till Krüss on February 23, 2014. If you can't wait for him to update his Downloads pepper, you can manually apply the patch below. (Note: this was hacked together in a couple of hours. I don't usually code in PHP. I'm hoping he cleans it up and fixes any mistakes.)
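--- a/tracker.php
+++ b/tracker.php
@@ -33,12 +33,8 @@
  $this->paranoid = isset($args['paranoid']) ? $args['paranoid'] : FALSE;
  $this->db_prefix = $args['tblPrefix'];
- $this->db_id = mysql_connect($args['server'], $args['username'], $args['password']);
-
- mysql_select_db($args['database'], $this->db_id);
-
- $result = mysql_query('SELECT cfg, data FROM '.$this->db_prefix.'_config LIMIT 0,1', $this->db_id);
- $row = mysql_fetch_assoc($result);
+ $this->db = new PDO('mysql:host='.$args['server'].';dbname='.$args['database'], $args['username'], $args['password']);
+ $row = $this->db->query('SELECT cfg, data FROM '.$this->db_prefix.'_config LIMIT 0,1')->fetch(PDO::FETCH_ASSOC);
  $this->pepper_cfg = $this->safe_unserialize($row['cfg']);
  $this->pepper_id = $this->pepper_cfg['pepperLookUp']['TK_Downloads'];
@@ -51,11 +47,15 @@
  function safe_unserialize($serialized) {
- $serialized = stripslashes($serialized);
+ // $serialized = stripslashes($serialized); // we're using prepared statements
  $unserialized = unserialize($serialized);
  if ($unserialized === FALSE) {
- $serialized = preg_replace('/s:\d+:"([^"]*)";/e', "'s:'.strlen('\\1').':\"\\1\";'", $serialized);
+ $serialized = preg_replace_callback('/s:\d+:"([^"]*)";/',
+ function ($m) {
+ return 's:'.strlen($m[1]).':"'.$m[1].'";';
+ },
+ $serialized);
  $unserialized = unserialize(stripslashes($serialized));
  }
@@ -194,9 +193,11 @@
  $track = FALSE;
  $record = FALSE;
  $redirect = FALSE;
- $url = preg_replace("/^http(s)?:\/\/www\.([^.]+\.)/i", "http$1://$2", mysql_real_escape_string(rawurldecode($_GET['url']), $this->db_id));
+ $url = preg_replace("/^http(s)?:\/\/www\.([^.]+\.)/i", "http$1://$2", rawurldecode($_GET['url']));
  $components = parse_url($url);
- $file = $_SERVER['DOCUMENT_ROOT'].$components['path'];
+ $file = realpath($_SERVER['DOCUMENT_ROOT'].$components['path']);
+
+ // error_log("file path: '$file' vs '".realpath($file)."'");
  $this->debug($this->pepper_prefs['extensions'], 'extensions');
  foreach (explode(', ', $this->pepper_prefs['extensions']) as $extension) {
@@ -266,25 +267,34 @@
  $this->debug($this->should_ignore(), 'mint ignore');
  if ($record && !$this->should_ignore()) {
- $checksize = $this->pepper_prefs['checksize'] ? ' AND size = '.$record : '';
- $result = mysql_query('SELECT id FROM '.$this->db_prefix."files WHERE file = '".$url."'".$checksize, $this->db_id);
+ if ($this->pepper_prefs['checksize']) {
+ $sth = $this->db->prepare('SELECT id FROM '.$this->db_prefix."files WHERE file = ? AND size = ?");
+ $sth->execute(array($url, $record));
+ }
+ else {
+ $sth = $this->db->prepare('SELECT id FROM '.$this->db_prefix."files WHERE file = ?");
+ $sth->execute(array($url));
+ }
+ $result = $sth->fetch(PDO::FETCH_ASSOC);
- $referer = empty($_SERVER['HTTP_REFERER']) || substr($_SERVER['HTTP_REFERER'], 0, 4) != 'http' ? '' : preg_replace('/#.*$/', '', preg_replace("/^http(s)?:\/\/www\.([^.]+\.)/i", "http$1://$2", mysql_real_escape_string($_SERVER['HTTP_REFERER'], $this->db_id)));
+ // $referer = empty($_SERVER['HTTP_REFERER']) || substr($_SERVER['HTTP_REFERER'], 0, 4) != 'http' ? '' : preg_replace('/#.*$/', '', preg_replace("/^http(s)?:\/\/www\.([^.]+\.)/i", "http$1://$2", $this->db->quote($_SERVER['HTTP_REFERER'])));
+ $referer = empty($_SERVER['HTTP_REFERER']) || substr($_SERVER['HTTP_REFERER'], 0, 4) != 'http' ? '' : preg_replace('/#.*$/', '', preg_replace("/^http(s)?:\/\/www\.([^.]+\.)/i", "http$1://$2", $_SERVER['HTTP_REFERER']));
  $checksum = $this->get_checksum(preg_replace('/(^([^:]+):\/\/(www\.)?|(:\d+)?\/.*$)/', '', $referer));
- $session = isset($_COOKIE['MintCrush']) ? mysql_real_escape_string($_COOKIE['MintCrush'], $this->db_id) : 0;
+ $session = isset($_COOKIE['MintCrush']) ? $_COOKIE['MintCrush'] : 0;
- if (mysql_num_rows($result)) {
- $row = mysql_fetch_assoc($result);
- $id = $row['id'];
- mysql_query('UPDATE '.$this->db_prefix.'files SET hits = hits + 1 WHERE id = '.$id, $this->db_id);
+ if ($result) {
+ $id = $result['id'];
+ $this->db->prepare('UPDATE '.$this->db_prefix.'files SET hits = hits + 1 WHERE id = ?')->execute(array($id));
  } else {
- mysql_query('INSERT INTO '.$this->db_prefix."files (id, file, type, size, hits) VALUES ('', '".$url."', 'http', ".$record.", 1)", $this->db_id);
- $id = mysql_insert_id($this->db_id);
+ $this->db->prepare('INSERT INTO '.$this->db_prefix."files (id, file, type, size, hits) VALUES ('', ?, 'http', ?, 1)")->execute(array($url, $record));
+ $id = $this->db->lastInsertId();
  }
- mysql_query('INSERT INTO '.$this->db_prefix."downloads (id, file, dt, ip, session, referer, checksum) VALUES ('', '".$id."', ".time().", ".$this->get_ip().", ".$session.", '".$referer."', '".$checksum."')", $this->db_id);
+ $this->db->prepare('INSERT INTO '.$this->db_prefix."downloads (id, file, dt, ip, session, referer, checksum) VALUES ('', ?, ?, ?, ?, ?, ?)")->execute(array("$id", time(), $this->get_ip(), $session, "$referer", "$checksum"));
- $rawdata = mysql_fetch_assoc(mysql_query('SELECT data FROM '.$this->db_prefix.'_data WHERE id = '.$this->pepper_id, $this->db_id));
+ $sth = $this->db->prepare('SELECT data FROM '.$this->db_prefix.'_data WHERE id = ?');
+ $sth->execute(array($this->pepper_id));
+ $rawdata = $sth->fetch(PDO::FETCH_ASSOC);
  $downloads = $this->safe_unserialize($rawdata['data']);
  $today = $this->get_time('today');
@@ -305,7 +315,7 @@
  $downloads[$id][1] = $this->prune_array($downloads[$id][1], 5);
  $downloads[$id][2] = $this->prune_array($downloads[$id][2], 12);
- mysql_query('UPDATE '.$this->db_prefix."_data SET data = '".addslashes(serialize($downloads))."' WHERE id = ".$this->pepper_id, $this->db_id);
+ $this->db->prepare('UPDATE '.$this->db_prefix."_data SET data = ? WHERE id = ?")->execute(array(serialize($downloads), $this->pepper_id));
  }
@@ -321,6 +331,16 @@
  if (!$track) {
  exit('// You cannot download this file');
  }
+ // http://stackoverflow.com/a/20432301/1781435
+ function endsWith($haystack, $needle) {
+ return $needle ? substr($haystack, -strlen($needle)) === $needle : "";
+ }
+ function startsWith($haystack, $needle) {
+ return substr($haystack, 0, strlen($needle)) === $needle;
+ }
+
+ if (!startsWith($file, $_SERVER['DOCUMENT_ROOT']))
+ exit('// 404.');
  if (extension_loaded('fileinfo')) {
  $fileinfo = new finfo(FILEINFO_MIME);
@@ -337,6 +357,10 @@
  $disposition = isset($_GET['inline']) ? 'inline' : 'attachment';
  if (!$this->debug()) {
+ // hack because chrome sucks. it also lies, says it's safari.
+ if (endsWith($file, ".pdf") && strpos($_SERVER["HTTP_USER_AGENT"], "Chrome") !== false)
+ $disposition = 'inline';
+
  header('Content-Type: '.trim($mime));
  header('Content-Disposition: '.$disposition.'; filename="'.basename($file).'"');
  header('Content-Transfer-Encoding: binary');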
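Review bot: The document-root containment check added in the `@@ -321,6 +331,16 @@` hunk, `if (!startsWith($file, $_SERVER['DOCUMENT_ROOT']))`, is a bare string-prefix test against an un-canonicalised root, so it is both too loose and too strict: a resolved `$file` under a sibling directory that merely shares the root's prefix passes, while a `DOCUMENT_ROOT` with a trailing slash or a symlink component will never match the `realpath()` output and every download becomes a 404. `$file` is also `false` when `realpath()` finds nothing (the `$file = realpath(...)` line in the `@@ -194,9 +193,11 @@` hunk), which this check rejects only because `substr()` happens to return an empty string for a non-string. Canonicalise the root once and compare with a trailing separator: `$root = rtrim(realpath($_SERVER['DOCUMENT_ROOT']), '/').'/';` then `if ($file === false || !startsWith($file, $root)) exit('// 404.');`. Separately, `startsWith`/`endsWith` are declared inside the method body, so a second call to this method in the same request would fatal with a redeclaration error; they belong as private methods or at file scope. The enclosing function starts and ends outside this hunk.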
4 revisions atm. There were some bugs.
The file is:
mint/pepper/tillkruess/downloads/modules/http/tracker.php