scratch – Diff between revs 48 and 49
?pathlinks?
| Rev 48 | Rev 49 | |||
|---|---|---|---|---|
| Line 38... | Line 38... | |||
| 38 | 'sha512', |
38 | 'sha512', |
|
| 39 | $fingerprint, |
39 | $fingerprint, |
|
| 40 | ) |
40 | ) |
|
| 41 | ), |
41 | ), |
|
| 42 | $ASSET_HASH_SIZE |
42 | $ASSET_HASH_SIZE |
|
| 43 | ). |
43 | ) |
|
| 44 | '.html' |
- | ||
| 45 | ); |
44 | ); |
|
| Line 46... | Line 45... | |||
| 46 | |
45 | |
|
| 47 | #### Build the user path. |
46 | #### Build the user path. |
|
| 48 | $userPath = join( |
47 | $userPath = join( |
|
| Line 52... | Line 51... | |||
| 52 | $file |
51 | $file |
|
| 53 | ) |
52 | ) |
|
| 54 | ); |
53 | ); |
|
| Line 55... | Line 54... | |||
| 55 | |
54 | |
|
| 56 | #### Check for path traversals |
55 | #### Check for path traversals |
|
| 57 | $pathPart = pathinfo($userPath); |
56 | $pathPart = pathinfo($userPath.'.html'); |
|
| 58 | if (strcasecmp( |
57 | if (strcasecmp( |
|
| 59 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
58 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
|
| Line 60... | Line 59... | |||
| 60 | return; |
59 | return; |
|
| 61 | |
60 | |
|
| 62 | switch($action) { |
61 | switch($action) { |
|
| 63 | case 'SAVE': |
62 | case 'SAVE': |
|
| 64 | #### Store the file. |
63 | #### Store the file. |
|
| 65 | atomized_put_contents($userPath, $_POST['data']); |
64 | atomized_put_contents($userPath.'.html', $_POST['data']); |
|
| 66 | break; |
65 | break; |
|
| 67 | case 'LOAD': |
66 | case 'LOAD': |
|
| 68 | if(!file_exists($userPath)) |
67 | if(!file_exists($userPath)) |
|
| 69 | return; |
68 | return; |
|
| 70 | echo atomized_get_contents($userPath); |
69 | echo atomized_get_contents($userPath.'.html'); |
|