{"id":21314710,"url":"https://github.com/amirhp-com/upload-url-to-server","last_synced_at":"2026-05-02T23:04:11.510Z","repository":{"id":198338432,"uuid":"312922252","full_name":"amirhp-com/upload-url-to-server","owner":"amirhp-com","description":"A simple PHP script to upload files directly from a URL to your web server, with features like auto file-name filling, real-time progress, and a self-destruct option for enhanced security.","archived":false,"fork":false,"pushed_at":"2025-01-08T10:54:09.000Z","size":1164,"stargazers_count":13,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-06T12:11:16.596Z","etag":null,"topics":["cpanel-servers","directadmin-servers","php","upload","wordpress"],"latest_commit_sha":null,"homepage":"https://amirhp-com.github.io/upload-url-to-server/","language":"PHP","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amirhp-com.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-14T23:38:07.000Z","updated_at":"2025-03-02T08:56:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"c33286d8-dc63-4a24-8bfd-6aa1a772a972","html_url":"https://github.com/amirhp-com/upload-url-to-server","commit_stats":null,"previous_names":["amirhp-com/upload-file-from-url-to-webserver"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/amirhp-com/upload-url-to-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirhp-com%2Fupload-url-to-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirhp-com%2Fupload-url-to-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirhp-com%2Fupload-url-to-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirhp-com%2Fupload-url-to-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amirhp-com","download_url":"https://codeload.github.com/amirhp-com/upload-url-to-server/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amirhp-com%2Fupload-url-to-server/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923080,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpanel-servers","directadmin-servers","php","upload","wordpress"],"created_at":"2024-11-21T18:15:08.409Z","updated_at":"2026-05-02T23:04:11.498Z","avatar_url":"https://github.com/amirhp-com.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BlackSwan — Upload File from URL to Web Server\n\n\u003e A single-file PHP utility that pulls any file from a remote URL straight onto your web server, with live progress, MITM relay mode, optional archive extraction, a built-in WordPress installer, file browser, PHP CLI support, and a one-click self-destruct.\n\n\u003ca href=\"screenshot-full.jpeg\" target=\"_blank\"\u003e\u003cimg src=\"screenshot.jpeg\" style=\"border-radius: 0.5rem;\" alt=\"Screenshot of the upload.php interface showing the upload form, progress bar, and file browser popup.\" width=\"400\"\u003e\u003c/a\u003e\n\n\u003e **Latest release:** v2.4.0 · 2026-05-03\u003cbr\u003e\n\u003e **Single file:** `upload.php` — drop it in, run it, delete it.\u003cbr\u003e\n\u003e **Zero dependencies:** pure PHP, vanilla JS, vanilla CSS. No Composer, no CDN, no build step.\n\n---\n\n## Why this exists\n\nSometimes you need to get a file *onto* a server but `wget` and `ssh` aren't available — shared hosting, locked-down cPanel, DirectAdmin, a managed WordPress host. You have FTP and a URL. That's it.\n\n`upload.php` bridges the gap: upload **this one file**, point it at any URL, and the server pulls the file directly. No more \"download to laptop → upload via FTP\" detours for a 2 GB archive.\n\n## Features\n\n- **Direct URL → server transfer** with live top-bar progress, file-size readout, elapsed time, and ETA.\n- **cURL-based engine** — works on SSL, non-SSL, DirectAdmin, follows redirects, 64 KB buffer, throttled UI updates.\n- **Universal archive extraction** (toggle): `.zip`, `.tar`, `.tar.gz`, `.tgz`, `.gz`.\n- **WordPress installer mode** (toggle): downloads, extracts, moves to root, keeps only the latest default theme, wipes default plugins, writes a `Disallow: /` `robots.txt`.\n- **File browser popup** — navigate directories (including parent dirs), copy file HTTP URLs, delete files/folders with confirmation, multi-select with bulk delete / copy URLs.\n- **PHP Info popup** — curated server diagnostics in a modal, full `phpinfo()` in a new tab.\n- **Help \u0026 CLI guide popup** — documents all PHP CLI flags and web endpoints.\n- **PHP CLI mode** — run `php upload.php --url=... --name=...` directly from the terminal.\n- **Dark theme** — GitHub-dark-style color palette with brand accent color (my favorite orange).\n- **Copy-to-clipboard** buttons for source and destination URL on the completion screen, with toast confirmation.\n- **iOS-style toggles**, mobile-responsive form, keyboard-accessible.\n- **Self-destruct** — one click (or `--delete` from CLI) and the script removes itself from the server.\n- **MITM relay mode** — when your server can't reach a URL directly, route the transfer through a second server running this same script. Server A asks the MITM server to fetch the source, then downloads the file from MITM to A, and optionally auto-deletes it from the relay. Exposes `_a=fetch` and `_a=del_by_name` JSON API endpoints used by the caller.\n- **FTP Browser tab** — connect to any FTP, FTPS (TLS), or SFTP server and browse its remote file tree. View Name / Size / Modified / Permissions columns, navigate directories with a breadcrumb bar, delete files, copy the bare remote path or a full HTTP URL (Web Base URL + path) to the clipboard, and pull any file down to the local server in one click. Accepts self-signed and unknown SSL certificates.\n- **FTP bulk actions** — checkboxes on every FTP browser row with select-all; bulk Copy URLs and bulk Delete with a single confirmation.\n- **Configurable path strip-prefix** — enter a prefix (e.g. `/www`) in the FTP connection form to strip it from remote paths when building Copy URL links.\n- **Bulk URL upload** — switch Direct Upload to bulk mode, paste multiple URLs (one per line), and download them to the server sequentially with per-item status rows, progress bar, and counter.\n- **Numeric permissions** — both the local file browser and the FTP browser now show symbolic permissions alongside the octal number (e.g. `-rwxr-xr-x 755`) with a hover tooltip describing each access level in plain language.\n- **Self-update** — \"Update\" button in the header checks the GitHub latest release via API; if a newer version is available, downloads and replaces the script in-place (backing up the current file as `upload.php.bak`).\n- **Path-traversal hardening** on folder and filename inputs.\n- **Auto file-name** suggested from the URL.\n\n## Requirements\n\n- PHP **7.0+** (tested up to 8.x).\n- `cURL` extension (almost always enabled).\n- `ZipArchive` extension for `.zip` extraction.\n- `PharData` extension (bundled with PHP) for `.tar` / `.tar.gz` / `.tgz`.\n- Write permissions in the directory where `upload.php` lives.\n\n## Installation (Web)\n\n1. **Download** [`upload.php`](upload.php).\n2. **Upload** it via FTP/SFTP/cPanel File Manager to your target directory.\n3. **Open** it in your browser: `https://yoursite.com/upload.php`.\n4. **Paste** the source URL, set the destination filename and (optionally) a subfolder.\n5. **Toggle** \"Extract archive\" or \"WordPress installer\" if you need them.\n6. Click **Upload File** and watch the progress bar.\n7. When done, **click \"Self Destruct\"** to remove the script.\n\n## PHP CLI Usage\n\n```bash\nphp upload.php --url=\u003cURL\u003e --name=\u003cfilename\u003e [options]\n\nOptions:\n --url=\u003cURL\u003e Source URL to download (required)\n --name=\u003cfilename\u003e Destination filename (required)\n --folder=\u003cdir\u003e Sub-directory (optional)\n --extract Extract archive after download\n --wpinstall WordPress installer mode\n --delete Self-destruct (removes upload.php)\n --mitm=\u003cURL\u003e MITM server upload.php URL (required for MITM mode)\n --mitm-keep Keep file on MITM server after transfer\n --help Show help\n```\n\n### Examples\n\n```bash\n# WordPress install\nphp upload.php --url=https://wordpress.org/latest.zip --name=wp.zip --wpinstall\n\n# Extract archive to subdirectory\nphp upload.php --url=https://example.com/app.zip --name=app.zip --folder=downloads --extract\n\n# Download a file\nphp upload.php --url=https://example.com/file.tar.gz --name=archive.tar.gz --extract\n\n# MITM relay — route through a proxy server\nphp upload.php --mitm=https://turkey.example.com/upload.php --url=https://iran.example.com/file.zip --name=file.zip\n```\n\n## URL endpoints\n\n| URL | Action |\n| ------------------------ | ----------------------------------------------- |\n| `upload.php` | Main upload form. |\n| `upload.php?phpinfo=1` | Full native `phpinfo()` in new tab. |\n| `upload.php?delete=true` | Self-destruct — deletes the script. |\n| `upload.php?r=…` | Cache-busting reload of the form. |\n| `upload.php` (`_a=fetch`) | MITM API: fetch a URL to this server and return JSON with file URL. |\n| `upload.php` (`_a=del_by_name`) | MITM API: delete a file by name/folder from this server. |\n\n## Usage tips\n\n- **WordPress in two clicks**: leave the default URL (`https://wordpress.org/latest.zip`), enable the **WordPress installer** toggle, hit upload.\n- **Generic archive**: enable just the **Extract archive** toggle.\n- **Subfolder uploads**: type `path/to/subfolder` in the destination folder field.\n- **File browser**: click **Files** in the header to browse the server filesystem, copy URLs, and delete items.\n- **PHP Info**: click **PHP Info** in the header to see a curated diagnostics panel in a popup.\n- **Help**: click **? Help** in the header for CLI usage and web endpoint reference.\n\n## ⚠️ Security notes\n\n\u003e This tool is **intentionally permissive** — it is designed to be uploaded, used, and immediately deleted. Treat it as a temporary utility, not as part of your application.\n\n- **Always self-destruct** when you're done.\n- The script does **not** ship with auth. If you need protection during a long upload, drop a `.htaccess` Basic Auth gate next to it, or rename the file to something unguessable.\n- The page itself is `\u003cmeta name=\"robots\" content=\"noindex,nofollow\"\u003e`.\n- File and folder inputs are sanitised against `..`, null bytes, mixed slashes, and leading separators.\n- The file browser cannot delete the script itself, but can traverse the entire filesystem the PHP process has read access to.\n\n## Changelog\n\nFull history: [CHANGELOG.md](CHANGELOG.md).\n\nRecent highlights:\n\n- **v2.4.0** — Fixed FTP folder navigation (SVG click delegation); configurable \"Download-to Folder\" for FTP Copy-to-Server; wider 1000px layout; bulk mode hides unused filename field.\n- **v2.3.0** — FTP bulk actions (checkboxes, bulk Copy URLs, bulk Delete); Direct Upload bulk mode (multi-URL textarea, per-item progress, sequential AJAX downloads); configurable FTP path strip-prefix; numeric (octal) permissions with human-readable tooltips in both file browsers; self-update from GitHub latest release with backup.\n- **v2.1.0** — FTP Browser tab: connect to FTP/FTPS/SFTP servers, browse the remote file tree, copy path or full HTTP URL, delete files, and pull any file to the local server. Stateless credential passing, self-signed cert acceptance, localStorage persistence for all fields except password.\n- **v2.0.0** — MITM relay mode (proxy-server transfers via `_a=fetch`/`_a=del_by_name` API), Phosphor SVG icons (fully local, no external resources), larger fonts, Direct/MITM tab switcher with localStorage persistence, wider content area (700px), CLI `--mitm`/`--mitm-keep` flags.\n- **v1.9.2** — Dark iOS UI, top-bar progress with ETA, file browser popup (AJAX), PHP Info modal, Help/CLI guide popup, PHP CLI mode, minified CSS/JS, semver versioning.\n- **v1.8.0** — Inline SVG icon, scoped `delete_file` action with realpath safety, output-buffer padding for proxied hosts.\n- **v1.7.0** *(folded into v1.8.0)* — cURL engine, iOS toggles, universal archive extraction, copy buttons, PHP info panel.\n- **v1.6.0** — `delete_file` action, `?force=1` cURL switch, inline SVG favicon.\n- **v1.4.0** — WordPress installer mode, self-destruct on finish screen.\n\n## Contributing\n\nPull requests are welcome.\n\n1. Fork the repo.\n2. Branch off `main`.\n3. Keep the file count low — this project is a **single file**. New features land inside `upload.php`.\n4. Update `CHANGELOG.md` under a new version section.\n5. Open a PR with a clear description and (if UI changes) a screenshot.\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n\n## Disclaimer\n\nProvided as-is. The author accepts no responsibility for misuse, lost data, or security incidents resulting from leaving this script accessible on a production server. Self-destruct it the moment you're done.\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famirhp-com%2Fupload-url-to-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famirhp-com%2Fupload-url-to-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famirhp-com%2Fupload-url-to-server/lists"}