From 68d8c336877b8c9e12bb0d5d7da8f4b19a4f48ea Mon Sep 17 00:00:00 2001
From: mul91n <jacob@mulquin.com>
Date: Sat, 14 Aug 2021 15:30:48 +1000
Subject: [PATCH] Return early on move_uploaded_files() error

---
 index.php | 97 +++++++++++++++++++++++++++----------------------------
 1 file changed, 48 insertions(+), 49 deletions(-)

diff --git a/index.php b/index.php
index b436f2f..3dc070a 100755
--- a/index.php
+++ b/index.php
@@ -147,58 +147,57 @@ function store_file($name, $tmpfile, $formatted = false)
     }
 
     $res = move_uploaded_file($tmpfile, $target_file);
-    if ($res)
-    {
-        if ($EXTERNAL_HOOK !== null)
-        {
-            putenv("REMOTE_ADDR=".$_SERVER['REMOTE_ADDR']);
-            putenv("ORIGINAL_NAME=".$name);
-            putenv("STORED_FILE=".$target_file);
-            $ret = -1;
-            $out = exec($EXTERNAL_HOOK, $_ = null, $ret);
-            if ($out !== false && $ret !== 0)
-            {
-                unlink($target_file);
-                header("HTTP/1.0 400 Bad Request");
-                print("Error: ".$out."\n");
-                return;
-            }
-        }
-
-        //print the download link of the file
-        $url = sprintf('%s://%s/'.$DOWNLOAD_PATH,
-                       $HTTP_PROTO,
-                       $_SERVER["SERVER_NAME"], 
-                       $basename);
-        if ($formatted)
-        {
-            printf('<pre>Access your file here: <a href="%s">%s</a></pre>', $url, $url);
-        }
-        else
-        {
-            printf($url."\n");
-        }
-
-        // log uploader's IP, original filename, etc.
-        if ($LOG_PATH)
-        {
-            file_put_contents(
-                $LOG_PATH,
-                implode("\t", array(
-                    date('c'),
-                    $_SERVER['REMOTE_ADDR'],
-                    filesize($tmpfile),
-                    escapeshellarg($name),
-                    $basename
-                )) . "\n",
-                FILE_APPEND
-            );
-        }
-    }
-    else
+    if (!$res)
     {
         //TODO: proper error handling?
         header("HTTP/1.0 520 Unknown Error");
+        return;
+    }
+    
+    if ($EXTERNAL_HOOK !== null)
+    {
+        putenv("REMOTE_ADDR=".$_SERVER['REMOTE_ADDR']);
+        putenv("ORIGINAL_NAME=".$name);
+        putenv("STORED_FILE=".$target_file);
+        $ret = -1;
+        $out = exec($EXTERNAL_HOOK, $_ = null, $ret);
+        if ($out !== false && $ret !== 0)
+        {
+            unlink($target_file);
+            header("HTTP/1.0 400 Bad Request");
+            print("Error: ".$out."\n");
+            return;
+        }
+    }
+
+    //print the download link of the file
+    $url = sprintf('%s://%s/'.$DOWNLOAD_PATH,
+                    $HTTP_PROTO,
+                    $_SERVER["SERVER_NAME"], 
+                    $basename);
+    if ($formatted)
+    {
+        printf('<pre>Access your file here: <a href="%s">%s</a></pre>', $url, $url);
+    }
+    else
+    {
+        printf($url."\n");
+    }
+
+    // log uploader's IP, original filename, etc.
+    if ($LOG_PATH)
+    {
+        file_put_contents(
+            $LOG_PATH,
+            implode("\t", array(
+                date('c'),
+                $_SERVER['REMOTE_ADDR'],
+                filesize($tmpfile),
+                escapeshellarg($name),
+                $basename
+            )) . "\n",
+            FILE_APPEND
+        );
     }
 }