2018-03-03 16:12:44 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
global $OPTIONS;
|
|
|
|
|
|
|
|
|
|
require_once (__DIR__ . '/../internals/base.php');
|
|
|
|
|
require_once (__DIR__ . '/../internals/database.php');
|
|
|
|
|
|
|
|
|
|
$folder = $OPTIONS['folder'];
|
2018-12-22 21:20:12 +01:00
|
|
|
$filename = $OPTIONS['filename'];
|
|
|
|
|
$secret = $OPTIONS['secret'];
|
|
|
|
|
$uri = $OPTIONS['uri'];
|
2018-03-03 16:12:44 +01:00
|
|
|
|
2018-12-22 21:20:12 +01:00
|
|
|
$reltarget = "Backup/$folder/$filename";
|
2018-03-03 16:12:44 +01:00
|
|
|
|
|
|
|
|
if ($secret !== $CONFIG['upload_secret']) die('Unauthorized.');
|
|
|
|
|
|
|
|
|
|
$putdata = fopen("php://input", "r");
|
2018-12-22 21:20:12 +01:00
|
|
|
$fp = tmpfile();
|
|
|
|
|
$tmppath = stream_get_meta_data($fp)['uri'];
|
2018-03-03 16:12:44 +01:00
|
|
|
while ($data = fread($putdata, 1024)) fwrite($fp, $data);
|
|
|
|
|
fclose($fp);
|
|
|
|
|
fclose($putdata);
|
|
|
|
|
|
2018-12-22 21:20:12 +01:00
|
|
|
$std = shell_exec("sudo ncc_upload " . '"' . $tmppath . '" "' . $reltarget . '"'); // ncc_upload is allowed for all in /etc/sudoers
|
2018-03-03 16:12:44 +01:00
|
|
|
|
2018-12-22 21:20:12 +01:00
|
|
|
$content = "REQUEST: " . $uri . "\r\n\r\n" .
|
2018-03-03 16:12:44 +01:00
|
|
|
"IP: " . get_client_ip() . "\r\n\r\n" .
|
2018-12-22 21:20:12 +01:00
|
|
|
"TARGET: " . $reltarget . "\r\n\r\n" .
|
|
|
|
|
"OUTPUT: " . $std . "\r\n\r\n";
|
2018-03-03 16:12:44 +01:00
|
|
|
|
|
|
|
|
sendMail("Fileupload to '$folder' triggered", $content, 'virtualadmin@mikescher.de', 'webserver-error@mikescher.com');
|
