esp-signed-updater-mqtt/arduino-download.php

<?php

header('Content-type: text/plain; charset=utf8', true);

function check_header($k, $v = false) {
	if (!isset($_SERVER[$k]))
		return false;
	if ($v && $_SERVER[$k] !== $v)
		return false;
	return true;
}

# validate the headers
if (!check_header('HTTP_USER_AGENT', 'ESP8266-http-Update') ||
	!check_header('HTTP_X_ESP8266_STA_MAC') ||
	!check_header('HTTP_X_ESP8266_AP_MAC') ||
	!check_header('HTTP_X_ESP8266_FREE_SPACE') ||
	!check_header('HTTP_X_ESP8266_SKETCH_SIZE') ||
	!check_header('HTTP_X_ESP8266_SKETCH_MD5') ||
	!check_header('HTTP_X_ESP8266_CHIP_SIZE') ||
	!check_header('HTTP_X_ESP8266_SDK_VERSION')
) {
	header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);
	exit();
}

# sanitize inputs
$room    = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['room']);
$device  = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['device']);
$version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ESP8266_VERSION']);
$filenames = glob("./arduino-images/$room/$device/*.bin");

$path = false;

if (is_array($filenames)) {
	$num = count($filenames);
	if ($num >= 1) {
		$newest = $filenames[$num - 1];
		if (preg_match('/\/(\d+).bin$/', $newest, $matches)) {
			$server_version = $matches[1];
			if ((int) $server_version > (int) $version) {
				$path = $newest;
			}
		}
	}
}

if ($path) {
	header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);
	header('Content-Type: application/octet-stream', true);
	header('Content-Disposition: attachment; filename='.basename($path));
	header('Content-Length: '.filesize($path), true);
	header('x-MD5: '.md5_file($path), true);
	readfile($path);
} else {
	header($_SERVER["SERVER_PROTOCOL"].' 304 Not Modified', true, 304);
}

?>
add php files 2020-05-06 21:24:25 +02:00			`<?php`

			`header('Content-type: text/plain; charset=utf8', true);`

			`function check_header($k, $v = false) {`
			`if (!isset($_SERVER[$k]))`
			`return false;`
			`if ($v && $_SERVER[$k] !== $v)`
			`return false;`
			`return true;`
			`}`

			`# validate the headers`
			`if (!check_header('HTTP_USER_AGENT', 'ESP8266-http-Update') \|\|`
			`!check_header('HTTP_X_ESP8266_STA_MAC') \|\|`
			`!check_header('HTTP_X_ESP8266_AP_MAC') \|\|`
			`!check_header('HTTP_X_ESP8266_FREE_SPACE') \|\|`
			`!check_header('HTTP_X_ESP8266_SKETCH_SIZE') \|\|`
			`!check_header('HTTP_X_ESP8266_SKETCH_MD5') \|\|`
			`!check_header('HTTP_X_ESP8266_CHIP_SIZE') \|\|`
			`!check_header('HTTP_X_ESP8266_SDK_VERSION')`
			`) {`
			`header($_SERVER["SERVER_PROTOCOL"].' 403 Forbidden', true, 403);`
			`exit();`
			`}`

			`# sanitize inputs`
			`$room = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['room']);`
			`$device = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_GET['device']);`
			`$version = preg_replace('/[^A-Za-z0-9_\-\.]/', '', $_SERVER['HTTP_X_ESP8266_VERSION']);`
			`$filenames = glob("./arduino-images/$room/$device/*.bin");`

			`$path = false;`

			`if (is_array($filenames)) {`
			`$num = count($filenames);`
			`if ($num >= 1) {`
			`$newest = $filenames[$num - 1];`
			`if (preg_match('/\/(\d+).bin$/', $newest, $matches)) {`
			`$server_version = $matches[1];`
			`if ((int) $server_version > (int) $version) {`
			`$path = $newest;`
			`}`
			`}`
			`}`
			`}`

			`if ($path) {`
			`header($_SERVER["SERVER_PROTOCOL"].' 200 OK', true, 200);`
			`header('Content-Type: application/octet-stream', true);`
			`header('Content-Disposition: attachment; filename='.basename($path));`
			`header('Content-Length: '.filesize($path), true);`
			`header('x-MD5: '.md5_file($path), true);`
			`readfile($path);`
			`} else {`
			`header($_SERVER["SERVER_PROTOCOL"].' 304 Not Modified', true, 304);`
			`}`

			`?>`