scratch – Diff between revs 94 and 96

Subversion Repositories:

?pathlinks?

Rev 94 – Rev 102 – Go to most recent revision – Details – Blame – Last modification – View Log

 #### POST -> upload / GET -> download
 switch ($_SERVER['REQUEST_METHOD']) {
     case 'POST':
-        #### Script restrictions.
-        if(
-            (
-                !isset($_SERVER['HTTP_X_REQUESTED_WITH']) or
-                empty($_SERVER['HTTP_X_REQUESTED_WITH']) or
-                strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST'
-            )
-                or
-            (
-                (
-                    !isset($_SERVER['HTTP_REFERER']) or
-                    empty($_SERVER['HTTP_REFERER'])
-                )
+        #### Script restrictions.
-                    and
-                (
+        session_start();
-                    strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or
-                    strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML')
-                )
-            )
-        )
         if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {
             http_response_code(403);
             die('Forbidden.');
+        }
         #### Retrieve uploaded file.