scratch – Diff between revs 53 and 57
?pathlinks?
| Rev 53 | Rev 57 | |||
|---|---|---|---|---|
| Line 7... | Line 7... | |||
| 7 | require_once('inc/pseudocrypt.php'); |
7 | require_once('inc/pseudocrypt.php'); |
|
| 8 | require_once('inc/functions.php'); |
8 | require_once('inc/functions.php'); |
|
| 9 | require_once('config.php'); |
9 | require_once('config.php'); |
|
| Line 10... | Line 10... | |||
| 10 | |
10 | |
|
| 11 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
11 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
|
| - | 12 | !isset($_POST['action']) or empty($_POST['action'])) { |
||
| 12 | !isset($_POST['action']) or empty($_POST['action'])) |
13 | header('Internal server error.', true, 500); |
|
| - | 14 | return; |
||
| Line 13... | Line 15... | |||
| 13 | return; |
15 | } |
|
| 14 | |
16 | |
|
| 15 | #### Check fingerprint consistency. |
17 | #### Check fingerprint consistency. |
|
| - | 18 | $fingerprint = strtoupper($_POST['fingerprint']); |
||
| 16 | $fingerprint = strtoupper($_POST['fingerprint']); |
19 | if(strlen($fingerprint) !== 32) { |
|
| - | 20 | header('Internal server error.', true, 500); |
||
| Line 17... | Line 21... | |||
| 17 | if(strlen($fingerprint) !== 32) |
21 | return; |
|
| Line 18... | Line 22... | |||
| 18 | return; |
22 | } |
|
| 19 | |
23 | |
|
| - | 24 | $action = strtoupper($_POST['action']); |
||
| 20 | $action = strtoupper($_POST['action']); |
25 | |
|
| - | 26 | #### Data must be sent in order to save a file. |
||
| Line 21... | Line 27... | |||
| 21 | |
27 | if($action === 'SAVE' and !isset($_POST['data'])) { |
|
| 22 | #### Data must be sent in order to save a file. |
28 | header('Internal server error.', true, 500); |
|
| 23 | if($action === 'SAVE' and !isset($_POST['data'])) |
29 | return; |
|
| 24 | return; |
30 | } |
|
| Line 48... | Line 54... | |||
| 48 | ); |
54 | ); |
|
| Line 49... | Line 55... | |||
| 49 | |
55 | |
|
| 50 | #### Check for path traversals |
56 | #### Check for path traversals |
|
| 51 | $pathPart = pathinfo($userPath.'.html'); |
57 | $pathPart = pathinfo($userPath.'.html'); |
|
| 52 | if (strcasecmp( |
58 | if (strcasecmp( |
|
| - | 59 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) { |
||
| 53 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
60 | header('Internal server error.', true, 500); |
|
| - | 61 | return; |
||
| Line 54... | Line 62... | |||
| 54 | return; |
62 | } |
|
| 55 | |
63 | |
|
| 56 | switch($action) { |
64 | switch($action) { |
|
| 57 | case 'SAVE': |
65 | case 'SAVE': |
|
| 58 | #### Store the file. |
66 | #### Store the file. |
|
| 59 | atomized_put_contents($userPath.'.html', $_POST['data']); |
67 | atomized_put_contents($userPath.'.html', $_POST['data']); |
|
| 60 | break; |
68 | break; |
|
| - | 69 | case 'LOAD': |
||
| 61 | case 'LOAD': |
70 | if(!file_exists($userPath.'.html')) { |
|
| - | 71 | header('File not found.', true, 404); |
||
| 62 | if(!file_exists($userPath.'.html')) |
72 | return; |
|
| 63 | return; |
73 | } |
|
| 64 | ### Set no-cache |
74 | ### Set no-cache |
|
| 65 | header('Content-Type: text/html; charset=utf-8'); |
75 | header('Content-Type: text/html; charset=utf-8'); |
|
| 66 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
76 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
|