scratch – Diff between revs 27 and 28
?pathlinks?
| Rev 27 | Rev 28 | |||
|---|---|---|---|---|
| Line -... | Line 1... | |||
| - | 1 | <?php |
||
| - | 2 | |
||
| - | 3 | ########################################################################### |
||
| - | 4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
||
| - | 5 | ########################################################################### |
||
| - | 6 | |
||
| - | 7 | require_once('inc/pseudocrypt.php'); |
||
| - | 8 | require_once('inc/functions.php'); |
||
| - | 9 | require_once('config.php'); |
||
| - | 10 | |
||
| - | 11 | #### Retrieve uploaded file. |
||
| - | 12 | if (!isset($_POST['data']) or empty($_POST['data']) or |
||
| - | 13 | !isset($_POST['action']) or empty($_POST['action'])) |
||
| - | 14 | return; |
||
| - | 15 | |
||
| - | 16 | #### Build the user path. |
||
| - | 17 | $userPath = join( |
||
| - | 18 | DIRECTORY_SEPARATOR, |
||
| - | 19 | array( |
||
| - | 20 | $STORE_FOLDER, |
||
| - | 21 | $SHARED_EDITOR_FILE |
||
| - | 22 | ) |
||
| - | 23 | ); |
||
| - | 24 | |
||
| - | 25 | #### Check for path traversals |
||
| - | 26 | $pathPart = pathinfo($userPath); |
||
| - | 27 | if (strcasecmp( |
||
| - | 28 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
||
| - | 29 | return; |
||
| - | 30 | |
||
| - | 31 | $data = $_POST['data']; |
||
| - | 32 | |
||
| - | 33 | switch(strtoupper($_POST['action'])) { |
||
| - | 34 | case 'SAVE': |
||
| - | 35 | #### Store the file. |
||
| - | 36 | atomized_put_contents($userPath, $data); |
||
| - | 37 | break; |
||
| - | 38 | case 'LOAD': |
||
| - | 39 | header('Content-Type: text/html; charset=utf-8'); |
||
| - | 40 | echo atomized_get_contents($userPath, $data); |
||
| - | 41 | break; |
||
| - | 42 | } |
||
| - | 43 | |
||