Fill in missing API info, put todo to verify MD5 hash of uploaded file

2024-11-21 08:15:06 -05:00 · 2013-08-06 20:32:32 -04:00 · 2013-08-06 20:32:32 -04:00 · 409d980219
commit 409d980219
parent ee84fbcc0f
2 changed files with 9 additions and 5 deletions
--- a/docs/network-api.txt
+++ b/docs/network-api.txt
@ -3,8 +3,11 @@ puush server        216.155.137.235

 UPLOADING
 POST        ->  http://puush.me/api/up
-                "k" = ?
-                "c" = ?
+                "k" = API key, 32 characters long like MD5, all uppercase
+                "c" = MD5 hash of the image, lowercase
                "z" = "poop" -- junk
                "f" = image
-            <-  0,http://puu.sh/IMGID,??,??
+            <-  0,http://puu.sh/IMGID,??,??
+
+therefore, a file can be uploaded to puush.me or this puush-api and the url extracted with curl and cut like so ($1 is path to file):
+curl -s -X POST -H 'Content-Type: multipart/form-data' -F "k=$puush_api_key" -F "c=$(md5sum "$1" | cut -d' ' -f1)" -F "z=poop" -F "f=@${1};filename=ss ($(date '+%Y-%m-%d at %I.%M.%S')).png;type=application/octet-stream" http://puush.me/api/up | cut -d, -f2
--- a/web/upload.php
+++ b/web/upload.php
@ -4,10 +4,10 @@ define('puush', '');
 require_once 'config.php';
 require_once 'func.php';

-// ?
+// API key
 $k = get_post_var('k');

-// ?
+// MD5 hash of file
 $c = get_post_var('c');

 // Check for the file
@ -26,6 +26,7 @@ if ($file['size'] > MAX_FILE_SIZE)
 }

 // Ensure the image is actually a file and not a friendly virus
+// todo: validate MD5 hash either in this function or here
 if (validate_image($file) === FALSE)
 {
    exit ('ERR Invalid image.');