Updated web.config for uploads.

il y a 7 ans · c037d35728
--- a/includes/classes/Cryptography.class.php
+++ b/includes/classes/Cryptography.class.php
@ -7,18 +7,18 @@ Class Cryptography
				@@ -7,18 +7,18 @@ Class Cryptography
 			if (is_file($source) === true)
 			{
 				$source = file_get_contents($source);
-        switch($cipher)
-        {
-          case 'tripleDES':
-            $encryptedSource=$this->TripleDesEncrypt($source,$key,$iv);
-            break;
-          case 'AES':
-            $encryptedSource=$this->AESEncrypt($source,$key,$iv);
-            break;
-          default:
-            $encryptedSource=$this->TripleDesEncrypt($source,$key,$iv);
-            break;
-        }
+                switch($cipher)
+                {
+                  case 'tripleDES':
+                    $encryptedSource=$this->TripleDesEncrypt($source,$key,$iv);
+                    break;
+                  case 'AES':
+                    $encryptedSource=$this->AESEncrypt($source,$key,$iv);
+                    break;
+                  default:
+                    $encryptedSource=$this->TripleDesEncrypt($source,$key,$iv);
+                    break;
+                }
 				if (file_put_contents($destination,$encryptedSource, LOCK_EX) !== false)
 				{
 					return true;
@ -37,18 +37,18 @@ Class Cryptography
				@@ -37,18 +37,18 @@ Class Cryptography
 			if (is_file($source) === true)
 			{
 				$source = file_get_contents($source);
-        switch($cipher)
-        {
-          case 'tripleDES':
-            $decryptedSource=self::TripleDesDecrypt($source,$key,$iv);
-            break;
-          case 'AES':
-            $decryptedSource=self::AESDecrypt($source,$key,$iv);
-            break;
-          default:
-            $decryptedSource=self::TripleDesDecrypt($source,$key,$iv);
-            break;
-        }
+                switch($cipher)
+                {
+                  case 'tripleDES':
+                    $decryptedSource=self::TripleDesDecrypt($source,$key,$iv);
+                    break;
+                  case 'AES':
+                    $decryptedSource=self::AESDecrypt($source,$key,$iv);
+                    break;
+                  default:
+                    $decryptedSource=self::TripleDesDecrypt($source,$key,$iv);
+                    break;
+                }
 				if (file_put_contents($destination,$decryptedSource, LOCK_EX) !== false)
 				{
 					return true;
@ -81,8 +81,8 @@ Class Cryptography
				@@ -81,8 +81,8 @@ Class Cryptography
 				}
 			}
 	     	 mcrypt_generic_init($cipher, $key, $iv);
-		 $result = mcrypt_generic($cipher, $buffer);
-		 mcrypt_generic_deinit($cipher);
+             $result = mcrypt_generic($cipher, $buffer);
+             mcrypt_generic_deinit($cipher);
 		return base64_encode($result);
 	}

@ -113,13 +113,13 @@ Class Cryptography
				@@ -113,13 +113,13 @@ Class Cryptography
 			$extra = 8 - (strlen($buffer) % 8);
 	 		// add the zero padding
 			if($extra > 0) {
-			for($i = 0; $i < $extra; $i++) {
-				$buffer .= '_';
+                for($i = 0; $i < $extra; $i++) {
+				    $buffer .= '_';
 				}
 			}
-	     	 mcrypt_generic_init($cipher, $key, $iv);
-		 $result = mcrypt_generic($cipher, $buffer);
-		 mcrypt_generic_deinit($cipher);
+            mcrypt_generic_init($cipher, $key, $iv);
+            $result = mcrypt_generic($cipher, $buffer);
+            mcrypt_generic_deinit($cipher);
 		return base64_encode($result);
 	}

@ -133,9 +133,9 @@ Class Cryptography
				@@ -133,9 +133,9 @@ Class Cryptography
 		   $cipher = mcrypt_module_open('rijndael-256', '', 'cbc', '');
 		   mcrypt_generic_init($cipher, $key, $iv);
 		   $result = mdecrypt_generic($cipher,$buffer);
-	        $result=substr($result,0,strpos($result,'___EOT'));
+	       $result=substr($result,0,strpos($result,'___EOT'));
 	   	   mcrypt_generic_deinit($cipher);
 	 	  return $result;
 	}
 }
-?>
+?>
--- a/upload/web.config
+++ b/upload/web.config
@ -4,19 +4,19 @@
				@@ -4,19 +4,19 @@
        <rewrite>
            <rules>
                <rule name="View File" enabled="true" stopProcessing="true">
-                    <match url="^([a-zA-Z0-9]+)[\.]?([^/]+)?[^/]$" ignoreCase="false" />
+                    <match url="^[a-zA-Z0-9]{6}([\.]?|[\.]([^/]+)?)$" ignoreCase="false" />
                    <action type="Rewrite" url="/lib/download.php?file={C:1}" appendQueryString="false" logRewrittenUrl="false" />
                    <conditions>
                        <add input="{REQUEST_URI}" pattern="/(.+)" />
                    </conditions>
                </rule>
                <rule name="Delete Upload" stopProcessing="true">
-                    <match url="^(([a-zA-Z0-9]+)[\.]?([^/]+)?)/([a-zA-Z0-9]+)/?$" />
+                    <match url="^([a-zA-Z0-9]{6}([\.]?|[\.]([^/]+)?))/([a-zA-Z0-9]+)/?$" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
-                    <action type="Rewrite" url="delete_upload.php?file={R:1}&amp;hash={R:5}" />
+                    <action type="Rewrite" url="delete_upload.php?file={R:1}&amp;hash={R:4}" />
                </rule>
            </rules>
        </rewrite>