From 8d20a79bc7587bdea04543153fc072e299b15bd0 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Sun, 17 Dec 2023 12:37:11 +0700 Subject: [PATCH] Minor improvements for announcer (#1207) --- bt/announce.php | 7 +++---- bt/scrape.php | 16 +++++++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/bt/announce.php b/bt/announce.php index 5cac1cd3b..95566cd05 100644 --- a/bt/announce.php +++ b/bt/announce.php @@ -36,7 +36,6 @@ if (!isset($_GET[$passkey_key]) || !is_string($_GET[$passkey_key])) { } // Input var names - // String $input_vars_str = ['info_hash', 'peer_id', 'event', $passkey_key]; // Numeric @@ -182,11 +181,13 @@ if ($lp_info) { $hybrid_unrecord = $lp_info['hybrid_unrecord'] ?? false; } else { $info_hash_sql = rtrim(DB()->escape($info_hash), ' '); + /** * Currently torrent clients send truncated v2 hashes (the design raises questions). * https://github.com/bittorrent/bittorrent.org/issues/145#issuecomment-1720040343 */ $info_hash_where = "WHERE tor.info_hash = '$info_hash_sql' OR SUBSTRING(tor.info_hash_v2, 1, 20) = '$info_hash_sql'"; + $passkey_sql = DB()->escape($passkey); $sql = " @@ -200,7 +201,7 @@ if ($lp_info) { // Verify if torrent registered on tracker and user authorized if (empty($row['topic_id'])) { - msg_die('Torrent not registered, info_hash = ' . $info_hash_hex); + msg_die('Torrent not registered, info_hash = ' . (mb_check_encoding($info_hash, 'UTF8') ? $info_hash : $info_hash_hex)); } if (empty($row['user_id'])) { msg_die('Please LOG IN and RE-DOWNLOAD this torrent (user not found)'); @@ -349,7 +350,6 @@ if ($lp_info && empty($hybrid_unrecord)) { } if ((!$lp_info || !$peer_info_updated) && !$stopped && empty($hybrid_unrecord)) { - $columns = "peer_hash, topic_id, user_id, $ip_version, port, seeder, releaser, tor_type, uploaded, downloaded, remain, speed_up, speed_down, up_add, down_add, update_time, complete, peer_id"; $values = "'$peer_hash', $topic_id, $user_id, '$ip_sql', $port, $seeder, $releaser, $tor_type, $uploaded, $downloaded, $left, $speed_up, $speed_down, $up_add, $down_add, $update_time, $complete, '$peer_id_sql'"; @@ -404,7 +404,6 @@ if (!$output) { } if ($compact_mode) { - $peers = ''; $peers6 = ''; diff --git a/bt/scrape.php b/bt/scrape.php index 37b788c61..2b0d4bfab 100644 --- a/bt/scrape.php +++ b/bt/scrape.php @@ -32,15 +32,18 @@ if (!isset($info_hash)) { // Store info hash in hex format $info_hash_hex = bin2hex($info_hash); -// Handle multiple hashes +// Check info_hash length +if (strlen($info_hash) !== 20) { + msg_die('Invalid info_hash: ' . (mb_check_encoding($info_hash, 'UTF8') ? $info_hash : $info_hash_hex)); +} +// Handle multiple hashes preg_match_all('/info_hash=([^&]*)/i', $_SERVER['QUERY_STRING'], $info_hash_array); $torrents = []; $info_hashes = []; foreach ($info_hash_array[1] as $hash) { - $decoded_hash = urldecode($hash); if (strlen($decoded_hash) !== 20) { @@ -57,7 +60,6 @@ foreach ($info_hash_array[1] as $hash) { $info_hash_count = count($info_hashes); if (!empty($info_hash_count)) { - if ($info_hash_count > $bb_cfg['max_scrapes']) { $info_hashes = array_slice($info_hashes, 0, $bb_cfg['max_scrapes']); } @@ -65,10 +67,9 @@ if (!empty($info_hash_count)) { $info_hashes_sql = implode('\', \'', $info_hashes); /** - * Currently torrent clients send truncated v2 hashes (the design raises questions). - * https://github.com/bittorrent/bittorrent.org/issues/145#issuecomment-1720040343 - */ - + * Currently torrent clients send truncated v2 hashes (the design raises questions). + * https://github.com/bittorrent/bittorrent.org/issues/145#issuecomment-1720040343 + */ $info_hash_where = "tor.info_hash IN ('$info_hashes_sql') OR SUBSTRING(tor.info_hash_v2, 1, 20) IN ('$info_hashes_sql')"; $sql = " @@ -96,6 +97,7 @@ if (!empty($info_hash_count)) { } } +// Verify if torrent registered on tracker if (empty($torrents)) { msg_die('Torrent not registered, info_hash = ' . (mb_check_encoding($info_hash, 'UTF8') ? $info_hash : $info_hash_hex)); }