DSCKabarak · moturi-phil · Apr 9, 2021 · Apr 10, 2021 · Apr 11, 2021 · Apr 11, 2021
diff --git a/.gitignore b/.gitignore
@@ -26,3 +26,5 @@ yarn-error.log
 
 # Do not include backup lang files
 resources/lang/*/[a-zA-Z]*20[0-9][0-9][0-1][0-9][0-3][0-9]_[0-2][0-9][0-5][0-9][0-5][0-9].php
+vendor
+vendor
diff --git a/Procfile b/Procfile
@@ -0,0 +1 @@
+web: vendor/bin/heroku-php-apache2 public/
diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php
@@ -11,7 +11,7 @@ class VerifyCsrfToken extends Middleware
      *
      * @var bool
      */
-    protected $addHttpCookie = true;
+    protected $addHttpCookie = false;
 
     /**
      * The URIs that should be excluded from CSRF verification.

diff --git a/composer.json b/composer.json
@@ -14,6 +14,7 @@
     "require": {
         "php": "^7.3",
         "ext-json": "*",
+        "aws/aws-sdk-php": "~3.0",
         "doctrine/dbal": "^2.9",
         "dompdf/dompdf": "^0.8",
         "fideloper/proxy": "^4.2",

diff --git a/composer.lock b/composer.lock
diff --git a/public/index.php b/public/index.php
@@ -58,3 +58,33 @@
 $response->send();
 
 $kernel->terminate($request, $response);
+
+
+// this will simply read AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from env vars
+$s3 = new Aws\S3\S3Client([
+    'version'  => '2006-03-01',
+    'region'   => 'us-east-1',
+]);
+$bucket = getenv('S3_BUCKET')?: die('No "S3_BUCKET" config var in found in env!');
+?>
+<html>
+    <head><meta charset="UTF-8"></head>
+    <body>
+        <h1>S3 upload example</h1>
+<?php
+if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_FILES['userfile']) && $_FILES['userfile']['error'] == UPLOAD_ERR_OK && is_uploaded_file($_FILES['userfile']['tmp_name'])) {
+    // FIXME: you should add more of your own validation here, e.g. using ext/fileinfo
+    try {
+        // FIXME: you should not use 'name' for the upload, since that's the original filename from the user's computer - generate a random filename that you then store in your database, or similar
+        $upload = $s3->upload($bucket, $_FILES['userfile']['name'], fopen($_FILES['userfile']['tmp_name'], 'rb'), 'public-read');
+?>
+        <p>Upload <a href="<?=htmlspecialchars($upload->get('ObjectURL'))?>">successful</a> :)</p>
+<?php } catch(Exception $e) { ?>
+        <p>Upload error :(</p>
+<?php } } ?>
+        <h2>Upload a file</h2>
+        <form enctype="multipart/form-data" action="<?=$_SERVER['PHP_SELF']?>" method="POST">
+            <input name="userfile" type="file"><input type="submit" value="Upload">
+        </form>
+    </body>
+</html>
-Original file line number
+Diff line change
@@ Expand Up / @@ -26,3 +26,5 @@ yarn-error.log @@
     # Do not include backup lang files
     resources/lang/*/[a-zA-Z]*20[0-9][0-9][0-1][0-9][0-3][0-9]_[0-2][0-9][0-5][0-9][0-5][0-9].php
+    vendor
+    vendor