scratch
/text.php |
@@ -6,8 +6,11 @@ |
|
require_once('php/pseudocrypt.php'); |
require_once('php/functions.php'); |
require_once('config.php'); |
require_once('vendor/mustangostang/spyc/Spyc.php'); |
|
### Load configuration. |
$config = spyc_load_file('config.yaml'); |
|
if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
!isset($_POST['action']) or empty($_POST['action'])) { |
header('Internal server error.', true, 500); |
@@ -40,7 +43,7 @@ |
$fingerprint |
) |
), |
$ASSET_HASH_SIZE |
$config['ASSET_HASH_SIZE'] |
) |
); |
|
@@ -48,7 +51,7 @@ |
$userPath = join( |
DIRECTORY_SEPARATOR, |
array( |
$STORE_FOLDER, |
$config['STORE_FOLDER'], |
$file |
) |
); |
@@ -56,7 +59,7 @@ |
#### Check for path traversals |
$pathPart = pathinfo($userPath.'.html'); |
if (strcasecmp( |
realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) { |
realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
header('Internal server error.', true, 500); |
return; |
} |
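Review bot: The traversal guard `realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])` does not handle `realpath()` returning `false`, and the store root now comes from a YAML file parsed on each request with no check that the key exists or that the directory resolves. If neither path resolves, both arguments are `false`; unless `strict_types` is declared above the first hunk, they are coerced to empty strings, so `strcasecmp` returns 0 and the guard passes. Resolve both once and fail closed: `$root = realpath($config['STORE_FOLDER']); $dir = realpath($pathPart['dirname']);` followed by `if ($root === false || $dir === false || strcasecmp($dir, $root) !== 0) {`. The same missing-key concern applies to `$config['ASSET_HASH_SIZE']` in the second hunk. The script continues past the visible hunks, so how `$userPath` is used afterwards cannot be judged from here.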