scratch – Blame information for rev 37
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 28 | office | 1 | <?php |
| 2 | |||
| 3 | ########################################################################### |
||
| 4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
||
| 5 | ########################################################################### |
||
| 6 | |||
| 37 | office | 7 | header('Content-Type: text/html; charset=utf-8'); |
| 8 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
||
| 9 | header('Pragma: no-cache'); |
||
| 10 | header('Expires: 0'); |
||
| 11 | |||
| 28 | office | 12 | require_once('inc/pseudocrypt.php'); |
| 13 | require_once('inc/functions.php'); |
||
| 14 | require_once('config.php'); |
||
| 15 | |||
| 37 | office | 16 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
| 17 | !isset($_POST['action']) or empty($_POST['action'])) |
||
| 18 | return; |
||
| 19 | |||
| 20 | #### Check fingerprint consistency. |
||
| 21 | $fingerprint = strtoupper($_POST['fingerprint']); |
||
| 22 | if(strlen($fingerprint) !== 32) |
||
| 23 | return; |
||
| 24 | |||
| 25 | $action = strtoupper($_POST['action']); |
||
| 26 | |||
| 27 | #### Data must be sent in order to save a file. |
||
| 28 | if($action === 'SAVE' and (!isset($_POST['data']) or empty($_POST['data']))) |
||
| 29 | return; |
||
| 30 | |||
| 31 | #### Hash fingerprint. |
||
| 32 | $file = strtolower( |
||
| 33 | PseudoCrypt::hash( |
||
| 34 | preg_replace( |
||
| 35 | '/\D/', |
||
| 36 | '', |
||
| 37 | hash( |
||
| 38 | 'sha512', |
||
| 39 | $fingerprint |
||
| 40 | ) |
||
| 41 | ) |
||
| 42 | ).'.html' |
||
| 43 | ); |
||
| 44 | |||
| 28 | office | 45 | #### Build the user path. |
| 46 | $userPath = join( |
||
| 47 | DIRECTORY_SEPARATOR, |
||
| 48 | array( |
||
| 49 | $STORE_FOLDER, |
||
| 37 | office | 50 | $file |
| 28 | office | 51 | ) |
| 52 | ); |
||
| 53 | |||
| 54 | #### Check for path traversals |
||
| 55 | $pathPart = pathinfo($userPath); |
||
| 56 | if (strcasecmp( |
||
| 57 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
||
| 58 | return; |
||
| 59 | |||
| 37 | office | 60 | switch($action) { |
| 61 | case 'SAVE': |
||
| 28 | office | 62 | #### Store the file. |
| 29 | office | 63 | atomized_put_contents($userPath, $_POST['data']); |
| 28 | office | 64 | break; |
| 37 | office | 65 | case 'LOAD': |
| 29 | office | 66 | if(!file_exists($userPath)) |
| 67 | return; |
||
| 68 | echo atomized_get_contents($userPath); |
||
| 28 | office | 69 | break; |
| 70 | } |
||
| 71 |