scratch – Diff between revs 44 and 48

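--- a/scratch
+++ b/scratch
@@ -1,72 +1,74 @@
 <?php
 
 ###########################################################################
 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
 ###########################################################################
 
 header('Content-Type: text/html; charset=utf-8');
 header('Cache-Control: no-cache, no-store, must-revalidate');
 header('Pragma: no-cache');
 header('Expires: 0');
 
 require_once('inc/pseudocrypt.php');
 require_once('inc/functions.php');
 require_once('config.php');
 
 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
 !isset($_POST['action']) or empty($_POST['action']))
 return;
 
 #### Check fingerprint consistency.
 $fingerprint = strtoupper($_POST['fingerprint']);
 if(strlen($fingerprint) !== 32)
 return;
 
 $action = strtoupper($_POST['action']);
 
 #### Data must be sent in order to save a file.
 if($action === 'SAVE' and !isset($_POST['data']))
 return;
 
 #### Hash fingerprint.
 $file = strtolower(
 PseudoCrypt::hash(
 preg_replace(
 '/\D/',
 '',
 hash(
 'sha512',
-$fingerprint
+$fingerprint,
 )
-)
-).'.html'
+),
+$ASSET_HASH_SIZE
+).
+'.html'
 );
 
 #### Build the user path.
 $userPath = join(
 DIRECTORY_SEPARATOR,
 array(
 $STORE_FOLDER,
 $file
 )
 );
 
 #### Check for path traversals
 $pathPart = pathinfo($userPath);
 if (strcasecmp(
 realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
 return;
 
 switch($action) {
 case 'SAVE':
 #### Store the file.
 atomized_put_contents($userPath, $_POST['data']);
 break;
 case 'LOAD':
 if(!file_exists($userPath))
 return;
 echo atomized_get_contents($userPath);
 break;
 }
 
 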