File: /disk001/machen/public_html/flsBKP/index.php
<?php
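// Create the cURL handle up front; the fetch code further down reuses $ch.
$ch = curl_init();

// Raw request URI exactly as the client sent it (path plus any query string).
// It is attacker-controlled and is only ever treated as an opaque string here.
$requestFile = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

// Expected shape: /<remote file id>/name/<display name>.
// A URI without the "/name/" separator is rejected with a client-error status
// instead of a 200 page that only carries an error string.
if (strpos($requestFile, '/name/') === false) {
    http_response_code(400);
    die('Invalid request');
}

// Split into the remote object id (before "/name/") and the display name
// (after it). The separator is known to be present, so both parts exist.
$uriParts = explode("/name/", $requestFile);
$realFileName = urldecode(trim($uriParts[0], "/"));
$realName = urldecode($uriParts[1]);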

/**
 * Replace accented letters with their ASCII base letter and a fixed set of
 * punctuation/space characters with "_".
 *
 * This is a denylist: any character that is not a key of the table below
 * (control characters, backslash, single quote, ...) is returned unchanged,
 * so the result must still be escaped for whatever context it is used in.
 *
 * @param string $string Text to normalise.
 * @return string The text with every listed character substituted.
 */
function sanitizeString($string) {
    // search character => replacement, in the order the substitutions are applied
    $substitutions = array(
        'ä' => 'a', 'ã' => 'a', 'à' => 'a', 'á' => 'a', 'â' => 'a',
        'ê' => 'e', 'ë' => 'e', 'è' => 'e', 'é' => 'e',
        'ï' => 'i', 'ì' => 'i', 'í' => 'i',
        'ö' => 'o', 'õ' => 'o', 'ò' => 'o', 'ó' => 'o', 'ô' => 'o',
        'ü' => 'u', 'ù' => 'u', 'ú' => 'u', 'û' => 'u',
        'À' => 'A', 'Á' => 'A', 'É' => 'E', 'Í' => 'I', 'Ó' => 'O', 'Ú' => 'U',
        'ñ' => 'n', 'Ñ' => 'n',
        'ç' => 'c', 'Ç' => 'C',
        ' ' => '_', '-' => '_', '(' => '_', ')' => '_', ',' => '_',
        ';' => '_', ':' => '_', '|' => '_', '!' => '_', '"' => '_',
        '#' => '_', '$' => '_', '%' => '_', '&' => '_', '/' => '_',
        '=' => '_', '?' => '_', '~' => '_', '^' => '_', '>' => '_',
        '<' => '_', 'ª' => '_', 'º' => '_',
    );

    $search = array_keys($substitutions);
    $replacement = array_values($substitutions);

    return str_replace($search, $replacement, $string);
}

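// Normalise the client-supplied display name (accents and punctuation -> ASCII / "_").
$realName = sanitizeString($realName);

// Both the remote object id and the display name are required.
if (!$realFileName || !$realName) {
    http_response_code(400);
    die('File name or real name missing');
}

// Build the upstream URL. curl_escape() percent-encodes the whole id, "/"
// included, so the client-supplied value stays a single path segment on the
// fixed CDN host.
$fileId = curl_escape($ch, $realFileName);
$url = "https://machen.azureedge.net/" . $fileId;

// Configure the fetch: body only, returned as a string.
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Verify the certificate chain and the host name. With verification switched
// off, anyone on the network path between this server and the CDN could swap
// the response body, which is then served to visitors from this origin.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

// First attempt.
$res = curl_exec($ch);
$rescode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// On 404, retry once with the id encoded a second time.
if ($rescode === 404) {
    $url = "https://machen.azureedge.net/" . urlencode($fileId);
    curl_setopt($ch, CURLOPT_URL, $url);
    $res = curl_exec($ch);
    $rescode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
}

// The handle is not needed past this point.
curl_close($ch);

// Transport failure (DNS, TLS, connection): curl_exec() returned false, so
// there is no body to relay.
if ($res === false) {
    http_response_code(502);
    die('Error: Upstream fetch failed.');
}

// Still missing after the retry.
if ($rescode === 404) {
    http_response_code(404);
    die('Error: File not found.');
}

// Any other non-2xx answer is an upstream error page, not the requested file;
// do not relay it under a client-chosen Content-Type.
if ($rescode < 200 || $rescode >= 300) {
    http_response_code(502);
    die('Error: Upstream returned an unexpected status.');
}

// Display name with commas and spaces collapsed to "_" for use in response headers.
$newFileName = str_replace([",", " "], "_", $realName);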

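/**
 * Map a file name to a MIME type by its extension.
 *
 * The lookup is case-insensitive. A name ending in ".tar.gz" is matched as a
 * compound extension; otherwise only the text after the last dot is used.
 * A name with no dot has no extension and gets the generic binary type.
 *
 * @param string $filename File name to inspect; only its suffix is read.
 * @return string|array One MIME type, or a list of equivalent types (preferred
 *                      one first) for extensions with several registrations.
 *                      Unknown extensions give 'application/octet-stream'.
 */
function get_mime_type($filename) {
    $mimes = [
        '3gp'   => 'video/3gpp',
        '7z'    => 'application/x-7z-compressed',
        'aac'   => 'audio/aac',
        'abw'   => 'application/x-abiword',
        'ai'    => 'application/postscript',
        'avi'   => 'video/x-msvideo',
        'bmp'   => 'image/bmp',
        'csv'   => ['text/csv', 'application/csv'],
        'doc'   => 'application/msword',
        'docx'  => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'gif'   => 'image/gif',
        'html'  => 'text/html',
        'jpeg'  => ['image/jpeg', 'image/pjpeg'],
        'jpg'   => ['image/jpeg', 'image/pjpeg'],
        'json'  => ['application/json', 'text/json'],
        'mp3'   => 'audio/mpeg',
        'mp4'   => 'video/mp4',
        'pdf'   => 'application/pdf',
        'png'   => 'image/png',
        'ppt'   => 'application/vnd.ms-powerpoint',
        'pptx'  => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
        'rar'   => 'application/vnd.rar',
        'rtf'   => 'application/rtf',
        'svg'   => 'image/svg+xml',
        'txt'   => 'text/plain',
        'xls'   => 'application/vnd.ms-excel',
        'xlsx'  => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
        'xml'   => ['application/xml', 'text/xml'],
        'zip'   => 'application/zip',
        'tar.gz'=> 'application/x-gzip',
        // Add more as needed
    ];

    $lowerName = strtolower($filename);

    // "tar.gz" contains a dot, so a last-dot split can never produce it;
    // match the compound suffix explicitly before the generic lookup.
    if (substr($lowerName, -7) === '.tar.gz') {
        return $mimes['tar.gz'];
    }

    // No dot means no extension: do not treat the whole name as one.
    $dotPos = strrpos($lowerName, '.');
    if ($dotPos === false) {
        return 'application/octet-stream';
    }

    $extension = substr($lowerName, $dotPos + 1);

    return isset($mimes[$extension]) ? $mimes[$extension] : 'application/octet-stream';
}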

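// Pick the MIME type from the display name's extension.
// NOTE(review): the display name comes from the request URI, so the requester
// decides whether the fetched bytes are labelled text/html or image/svg+xml
// and rendered under this origin. If objects on the CDN can be uploaded by
// users, serve those types with "Content-Disposition: attachment" (the
// original had that header commented out) or under a sandboxing
// Content-Security-Policy.
$contentType = get_mime_type($realName);

// Response headers for download or inline display.
header('Content-Transfer-Encoding: binary');
// An entity-tag must be a quoted string. Hashing the id and name keeps the
// value stable per file while guaranteeing that no quote, control character
// or other client-supplied byte can end up inside the header.
header('ETag: "' . hash('sha256', $fileId . '.' . $newFileName) . '"');
header('Cache-Control: must-revalidate');
header('Pragma: public');
// Make the browser honour the declared type instead of sniffing the body.
header('X-Content-Type-Options: nosniff');
// Some extensions map to several equivalent types; the first one is sent.
header("Content-Type: " . (is_array($contentType) ? $contentType[0] : $contentType));

// Send the file body fetched from the CDN.
echo $res;
exit;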
?>