scratch – Diff between revs 34 and 37
?pathlinks?
| Rev 34 | Rev 37 | |||
|---|---|---|---|---|
| Line 2... | Line 2... | |||
| 2 | |
2 | |
|
| 3 | ########################################################################### |
3 | ########################################################################### |
|
| 4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
| Line -... | Line 5... | |||
| - | 5 | ########################################################################### |
||
| - | 6 | |
||
| - | 7 | header('Content-Type: text/html; charset=utf-8'); |
||
| - | 8 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
||
| - | 9 | header('Pragma: no-cache'); |
||
| 5 | ########################################################################### |
10 | header('Expires: 0'); |
|
| 6 | |
11 | |
|
| 7 | require_once('inc/pseudocrypt.php'); |
12 | require_once('inc/pseudocrypt.php'); |
|
| Line -... | Line 13... | |||
| - | 13 | require_once('inc/functions.php'); |
||
| - | 14 | require_once('config.php'); |
||
| - | 15 | |
||
| - | 16 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
||
| - | 17 | !isset($_POST['action']) or empty($_POST['action'])) |
||
| - | 18 | return; |
||
| - | 19 | |
||
| - | 20 | #### Check fingerprint consistency. |
||
| - | 21 | $fingerprint = strtoupper($_POST['fingerprint']); |
||
| - | 22 | if(strlen($fingerprint) !== 32) |
||
| - | 23 | return; |
||
| - | 24 | |
||
| - | 25 | $action = strtoupper($_POST['action']); |
||
| - | 26 | |
||
| - | 27 | #### Data must be sent in order to save a file. |
||
| - | 28 | if($action === 'SAVE' and (!isset($_POST['data']) or empty($_POST['data']))) |
||
| - | 29 | return; |
||
| - | 30 | |
||
| - | 31 | #### Hash fingerprint. |
||
| - | 32 | $file = strtolower( |
||
| - | 33 | PseudoCrypt::hash( |
||
| - | 34 | preg_replace( |
||
| - | 35 | '/\D/', |
||
| - | 36 | '', |
||
| - | 37 | hash( |
||
| - | 38 | 'sha512', |
||
| - | 39 | $fingerprint |
||
| - | 40 | ) |
||
| - | 41 | ) |
||
| 8 | require_once('inc/functions.php'); |
42 | ).'.html' |
|
| 9 | require_once('config.php'); |
43 | ); |
|
| 10 | |
44 | |
|
| 11 | #### Build the user path. |
45 | #### Build the user path. |
|
| 12 | $userPath = join( |
46 | $userPath = join( |
|
| 13 | DIRECTORY_SEPARATOR, |
47 | DIRECTORY_SEPARATOR, |
|
| 14 | array( |
48 | array( |
|
| 15 | $STORE_FOLDER, |
49 | $STORE_FOLDER, |
|
| Line 16... | Line 50... | |||
| 16 | $SHARED_EDITOR_FILE |
50 | $file |
|
| 17 | ) |
51 | ) |
|
| 18 | ); |
52 | ); |
|
| 19 | |
53 | |
|
| 20 | #### Check for path traversals |
54 | #### Check for path traversals |
|
| Line 21... | Line 55... | |||
| 21 | $pathPart = pathinfo($userPath); |
55 | $pathPart = pathinfo($userPath); |
|
| 22 | if (strcasecmp( |
56 | if (strcasecmp( |
|
| 23 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
- | ||
| 24 | return; |
- | ||
| 25 | |
- | ||
| 26 | switch($_SERVER['REQUEST_METHOD']) { |
- | ||
| 27 | case 'POST': |
57 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
|
| 28 | #### Retrieve uploaded file. |
58 | return; |
|
| 29 | if(!isset($_POST['data']) or empty($_POST['data'])) |
59 | |
|
| 30 | return; |
60 | switch($action) { |
|
| 31 | |
61 | case 'SAVE': |
|
| 32 | #### Store the file. |
62 | #### Store the file. |
|
| 33 | atomized_put_contents($userPath, $_POST['data']); |
- | ||
| 34 | break; |
- | ||
| 35 | case 'GET': |
- | ||
| 36 | if(!file_exists($userPath)) |
- | ||
| 37 | return; |
63 | atomized_put_contents($userPath, $_POST['data']); |
|
| 38 | header('Content-Type: text/html; charset=utf-8'); |
64 | break; |
|
| 39 | header('Cache-Control: no-cache, no-store, must-revalidate'); |
65 | case 'LOAD': |
|