Good point with the mkdir, mv and touch, I just pushed an update to use PHP functions for that instead of shell.
No reason to be concerned though, the user controlled input is sanitized and no shell command is/was executed based on unsanitized user input.
The user agent check was a relic from when it behaved differently, browser vs curl; it is not needed anymore and has been removed.
Pull requests are always welcome.
Edit: I also just pushed an update to use bin2hex(random_bytes(16)) instead of uniqid to make sure we never have collisions, for argument's sake (even though I thought that risk was rather low to begin with).
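An added example, not the project's code and not written by the commenter: one way to do the mkdir, mv and touch steps with PHP filesystem functions and a bin2hex(random_bytes(16)) identifier, so that no shell is involved at all. The function name store_file, the directory layout, the file-name filter and the demo input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's code): store a file under a random
// directory using only PHP filesystem functions, never a shell command.
function store_file(string $srcPath, string $clientName, string $storageRoot): string
{
    // 16 bytes from the CSPRNG -> 32 hex chars. Collisions are negligible and,
    // unlike uniqid() (derived from the current time), the ID is not guessable.
    $id  = bin2hex(random_bytes(16));
    $dir = $storageRoot . DIRECTORY_SEPARATOR . $id;

    // mkdir() fails if the directory already exists, so an ID is never reused.
    if (!mkdir($dir, 0700)) {
        throw new RuntimeException("cannot create $dir");
    }

    // basename() drops path components such as "../"; the regex then keeps
    // only a conservative character set (assumed policy for this example).
    $name = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', basename($clientName));
    if ($name === '' || $name === '.' || $name === '..') {
        $name = 'file';
    }

    $dest = $dir . DIRECTORY_SEPARATOR . $name;
    // A real upload handler would call move_uploaded_file() here, which also
    // checks that the source is an HTTP upload. rename() keeps this runnable
    // from the CLI.
    if (!rename($srcPath, $dest)) {
        throw new RuntimeException("cannot move file to $dest");
    }
    touch($dest); // refresh mtime, e.g. as the start of a retention period (assumed use)
    return $dest;
}

// Constructed demo input: a temp storage root and a file name containing
// path traversal and shell metacharacters.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'share_demo_' . bin2hex(random_bytes(4));
mkdir($root, 0700);
$src = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($src, "hello\n");

$dest = store_file($src, '../../notes; echo hi.txt', $root);
echo $dest, PHP_EOL;
```

Because the file name only ever reaches mkdir(), rename() and touch() as an argument, characters such as ";" have no special meaning even before the filter is applied; the filter is there to keep stored names predictable.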
The goal was a minimum viable implementation of a file sharing service that can be self-hosted.
Simplicity to this extreme serves many purposes: it is easy to understand and debug, has less attack surface, fewer dependencies and is small (in terms of lines of code, less than 100, and size, less than 50K).
If one needs more features or more control, there are certainly many options out there, I created this not to compete with other projects but to provide a super simple solution to a specific problem.