forked from josdejong/jsoneditor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fileretriever.php
125 lines (116 loc) · 3.81 KB
/
fileretriever.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<?php
/**
* Script to load and save JSON files from the Javascript client to disk and url.
*
* Usage:
*
* POST file.php with a JSON document as body
* Will store the JSON document on disk and return the id of the document.
*
* POST file.php with a JSON document with name "file" as body multipart/form-data
* Will store the JSON document on disk and return the id of the document.
*
* GET file.php?url=....
* Will fetch the url and return it (resolves cross-domain security issues)
*
* GET file.php?id=...
* GET file.php?id=...&filename=...
* Will return the file with the id, and remove the file from disk.
* Optionally specify a filename for the download. Default is 'document.json'
*/
// TODO: neatly handle exceeding of the max size
$tmp = 'tmp'; // directory for temporarily storing the files
$method = $_SERVER['REQUEST_METHOD'];
// make temporary directory to store the file (if not existing)
if (!is_dir(getcwd() . '/' . $tmp)) {
mkdir(getcwd() . '/' . $tmp);
}
/**
* Create a filename from given id
* @param {String} id id of the file
* @return {String} filename path to the file
*/
function getFilename($id) {
global $tmp;
return "$tmp/$id";
}
if ($method == 'GET') {
$filename = isset($_GET['filename']) ? $_GET['filename'] : 'document.json';
if (isset($_GET['url'])) {
// download a file from url and return the file
$url = $_GET['url'];
$context = stream_context_create(array(
'http' => array(
'method' => 'GET',
'header' => "Accept: application/json\r\n"
)
));
if (preg_match('/^https?:\/\//', $url)) { // only allow to fetch http:// and https:// urls
$body = file_get_contents($url, false, $context);
if ($body != false) {
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-type: application/json');
echo $body;
}
else {
header('HTTP/1.1 404 Not Found');
}
}
else {
header('HTTP/1.1 403 Forbidden');
}
}
else if (isset($_GET['id'])) {
// retrieve the file with given id from disk, return it,
// and remove it from disk
$id = $_GET['id'];
$body = file_get_contents(getFilename($id));
if ($body !== false) {
header("Content-Disposition: attachment; filename=\"$filename\"");
header('Content-type: application/json');
echo $body;
unlink(getFilename($id));
}
else {
header('HTTP/1.1 404 Not Found');
}
}
else {
// TODO: error
}
}
else if ($method == 'POST') {
// retrieve the data, save it on disk with a random id,
// and return the id.
if (isset($_FILES['file'])) {
// read body from uploaded form
$file = $_FILES['file'];
$id = uniqid();
$filename = getFilename($id);
move_uploaded_file($file['tmp_name'], $filename);
echo $id;
}
else {
// read raw body from post request
$body = @file_get_contents('php://input');
if ($body === false) {
$body = '';
}
$id = uniqid();
file_put_contents(getFilename($id), $body);
echo $id;
}
}
// cleanup files older than 1 hour
// http://stackoverflow.com/q/6411451/1262753
if ($dir = opendir($tmp)) {
$now = time();
while (false !== ($file = readdir($dir))) {
$filename = "$tmp/$file";
if (is_file($filename) && filemtime($filename) <= ($now - 60 * 60) ) {
unlink($filename);
}
}
closedir($dir);
}
?>