From 2d9d99e1a64367b79a7e4bd1875098b6114f43c8 Mon Sep 17 00:00:00 2001
From: Baoshuo
Date: Wed, 12 Oct 2022 21:10:07 +0800
Subject: [PATCH] feat(web/image_hosting): get_image
---
 .../controllers/image_hosting/get_image.php | 18 ++++++++++++++++++
 web/app/libs/uoj-rand-lib.php | 8 ++++----
 web/app/libs/uoj-validate-lib.php | 4 ++++
 web/app/route.php | 2 +-
 4 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/web/app/controllers/image_hosting/get_image.php b/web/app/controllers/image_hosting/get_image.php
index e6e8fae..1f53f04 100644
--- a/web/app/controllers/image_hosting/get_image.php
+++ b/web/app/controllers/image_hosting/get_image.php
@@ -4,3 +4,21 @@ if (!Auth::check() && UOJConfig::$data['switch']['force-login']) {
 redirectToLogin();
 }
+
+ $name = $_GET['image_name'];
+ if (!validateString($name)) {
+ become404Page();
+ }
+
+ $file_name = UOJContext::storagePath()."/image_hosting/$name.png";
+
+ $finfo = finfo_open(FILEINFO_MIME);
+ $mimetype = finfo_file($finfo, $file_name);
+ if ($mimetype === false) {
+ become404Page();
+ }
+ finfo_close($finfo);
+
+ header("X-Sendfile: $file_name");
+ header("Content-type: $mimetype");
+ header("Cache-Control: max-age=604800", true);
diff --git a/web/app/libs/uoj-rand-lib.php b/web/app/libs/uoj-rand-lib.php
index d39c527..5c40015 100644
--- a/web/app/libs/uoj-rand-lib.php
+++ b/web/app/libs/uoj-rand-lib.php
@@ -4,7 +4,7 @@ function uojRand($l, $r) {
 return mt_rand($l, $r);
 }
-function uojRandString($len, $charset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
+function uojRandString($len, $charset = '0123456789abcdefghijklmnopqrstuvwxyz') {
 $n_chars = strlen($charset);
 $str = '';
 for ($i = 0; $i < $len; $i++) {
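Review bot: In web/app/controllers/image_hosting/get_image.php the `Content-type` header is copied from `finfo_file()`, so the stored bytes rather than the endpoint decide how a browser renders the response; if anything other than a real image ever lands under `image_hosting/` (upload-side checks are not visible in this patch), it would be served from the site's origin with that type. Since the path always ends in `.png`, either send a fixed `header('Content-Type: image/png');` or reject any detected type outside an image allowlist, and add `header('X-Content-Type-Options: nosniff');`. `$_GET['image_name']` is also read without an `is_string()` check, and `finfo_close($finfo)` is skipped on the 404 branch.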
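Review bot: Changing the default `$charset` of `uojRandString()` in web/app/libs/uoj-rand-lib.php shrinks the alphabet from 62 to 36 characters for every caller that relies on the default, not just image names; a 20-character string drops from roughly 119 to roughly 103 bits of possible values. If other callers use this helper for tokens or salts (not visible here), that is a silent weakening, so it seems safer to keep the old default and pass the lowercase alphabet explicitly from the image-hosting path. The context lines also show `uojRand()` wrapping `mt_rand()`; if the loop body, which continues outside this hunk, draws from it, the generated names are predictable and `random_int()` would be the better source, given that get_image.php serves a file to anyone who knows its name when force-login is off.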
@@ -13,10 +13,10 @@ function uojRandString($len, $charset = '0123456789abcdefghijklmnopqrstuvwxyzABC
 return $str;
 }
-function uojRandAvaiableFileName($dir) {
+function uojRandAvaiableFileName($dir, $length = 20, $suffix = '') {
 do {
- $fileName = $dir . uojRandString(20);
- } while (file_exists(UOJContext::storagePath().$fileName));
+ $fileName = $dir . uojRandString($length);
+ } while (file_exists(UOJContext::storagePath().$fileName.$suffix));
 return $fileName;
 }
diff --git a/web/app/libs/uoj-validate-lib.php b/web/app/libs/uoj-validate-lib.php
index eb991a5..a685868 100644
--- a/web/app/libs/uoj-validate-lib.php
+++ b/web/app/libs/uoj-validate-lib.php
@@ -51,3 +51,7 @@ function validateIP($ip) {
 function validateURL($url) {
 return filter_var($url, FILTER_VALIDATE_URL) !== false;
 }
+
+function validateString($str) {
+ return preg_match('/[^0-9a-zA-Z]/', $str) !== true;
+}
diff --git a/web/app/route.php b/web/app/route.php
index 3b89394..753207d 100644
--- a/web/app/route.php
+++ b/web/app/route.php
@@ -5,7 +5,7 @@ Route::pattern('id', '[1-9][0-9]{0,9}');
 Route::pattern('contest_id', '[1-9][0-9]{0,9}');
 Route::pattern('tab', '\S{1,20}');
 Route::pattern('rand_str_id', '[0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]{20}');
-Route::pattern('image_name', '[0123456789abcdefghijklmnopqrstuvwxyz]{7}');
+Route::pattern('image_name', '[0-9a-z]{1,20}');
 Route::pattern('upgrade_name', '[a-zA-Z0-9_]{1,50}');
 Route::group([
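Review bot: `uojRandAvaiableFileName()` in web/app/libs/uoj-rand-lib.php checks `file_exists()` on `$fileName.$suffix` but returns `$fileName` without the suffix, and nothing reserves the name, so two concurrent uploads can be handed the same name and every caller has to remember to append the identical suffix. A docblock should state both, e.g. `/** Returns $dir plus a random name WITHOUT $suffix; the name is not reserved, so create the file exclusively. */`. The caller should then create the file with `fopen($path, 'x')` and retry on failure rather than trust the earlier check. The new `$length` parameter makes collisions realistic when a short length is passed.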
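Review bot: `validateString()` in web/app/libs/uoj-validate-lib.php can never return false: `preg_match()` returns `1`, `0` or `false`, never boolean `true`, so `!== true` holds for every input, including values that contain `/` or `..`. get_image.php in this same patch builds a storage path from the value it checked with this function, which leaves the route pattern as the only effective constraint on `image_name`. A positive, anchored match states the intent directly: `return is_string($str) && preg_match('/\A[0-9a-zA-Z]+\z/', $str) === 1;`. The function name is also broader than what it checks; something like `validateAlphanumeric` would tell callers what is accepted.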