<?php
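// OPUS upload endpoint: writes a base64-encoded payload to a path that must
// sit inside an allowlisted directory tree.
//
// Request parameters:
//   k    shared key (POST body, or query string as a fallback)
//   path absolute destination path (POST)
//   b64  strict base64 payload (POST)
// Responses: 403 'k', 400 'path not allowed' / 'b64 decode fail',
// 500 'write fail', or JSON {wrote, path, md5} on success.

// NOTE(review): a key passed as ?k=... is recorded in access logs and by
// intermediaries; clients should send it in the POST body.
// NOTE(review): the key is hard-coded in source. Load it from configuration
// kept outside the web root, and rotate it, since this value has been published.
$k = $_POST['k'] ?? $_GET['k'] ?? '';

// is_string() rejects array-shaped parameters (k[]=...), which hash_equals()
// would refuse with a TypeError; hash_equals() compares in constant time.
if (!is_string($k) || !hash_equals('OPUS16AVR2026', $k)) {
    http_response_code(403);
    exit('k');
}

$path = $_POST['path'] ?? '';
$b64 = $_POST['b64'] ?? '';

// NOTE(review): /var/www/html/wiki/ looks like a web-served tree. If the server
// runs a script handler there, anything written by this endpoint is executed as
// server-side code. Confirm the tree is served statically or restrict extensions.
$allowed_prefixes = ['/tmp/', '/var/log/wevia/', '/opt/weval-ops/', '/var/www/html/wiki/', '/opt/obsidian-vault/'];

$reject_path = static function () {
    http_response_code(400);
    exit('path not allowed');
};

// True when $candidate exists and its symlink-resolved location is one of the
// allowlisted roots or lies beneath one. Roots are resolved too, so a root
// that is itself a symlink keeps working.
$inside_allowlist = static function ($candidate) use ($allowed_prefixes) {
    $resolved = realpath($candidate);
    if ($resolved === false) {
        return false;
    }
    $resolved = rtrim($resolved, '/') . '/';
    foreach ($allowed_prefixes as $prefix) {
        $root = realpath($prefix);
        if ($root === false) {
            continue; // this root does not exist on disk
        }
        $root = rtrim($root, '/') . '/';
        if (strncmp($resolved, $root, strlen($root)) === 0) {
            return true;
        }
    }
    return false;
};

// Lexical gate. A bare prefix match is not enough, because a path containing
// '..' segments keeps the allowlisted prefix while resolving somewhere else.
if (!is_string($path) || strpos($path, "\0") !== false || in_array('..', explode('/', $path), true)) {
    $reject_path();
}
$matched = null;
foreach ($allowed_prefixes as $p) {
    if (strncmp($path, $p, strlen($p)) === 0) {
        $matched = $p;
        break;
    }
}
if ($matched === null) {
    $reject_path();
}

if (!is_string($b64)) {
    http_response_code(400);
    exit('b64 decode fail');
}
// Strict mode: any character outside the base64 alphabet makes the decode fail.
$bin = base64_decode($b64, true);
if ($bin === false) {
    http_response_code(400);
    exit('b64 decode fail');
}

$dir = dirname($path);

// Before creating directories, resolve the deepest ancestor that already
// exists. If it sits at or below the matched root, it must resolve inside the
// allowlist; otherwise a symlink inside an allowed tree would redirect mkdir().
$anchor = $dir;
while (!file_exists($anchor) && dirname($anchor) !== $anchor) {
    $anchor = dirname($anchor);
}
if (strncmp($anchor . '/', $matched, strlen($matched)) === 0 && !$inside_allowlist($anchor)) {
    $reject_path();
}

// The second is_dir() tolerates a concurrent request creating the directory.
if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
    http_response_code(500);
    exit('write fail');
}

// Re-check the resolved directory, and refuse a destination that is a symlink
// pointing outside the allowlist (file_put_contents() follows symlinks).
// NOTE(review): these checks and the write are not atomic; keep the allowlisted
// trees writable only by trusted accounts.
if (!$inside_allowlist($dir) || (is_link($path) && !$inside_allowlist($path))) {
    $reject_path();
}

$n = file_put_contents($path, $bin);
if ($n === false) {
    http_response_code(500);
    exit('write fail');
}

// The MD5 is a transfer checksum read back from disk, not a security control.
echo json_encode(['wrote' => $n, 'path' => $path, 'md5' => md5_file($path)]);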