scratch – Diff between revs 34 and 37

Rev 34 Rev 37
Line 2... Line 2...
2   2  
3 ########################################################################### 3 ###########################################################################
4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## 4 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
Line -... Line 5...
-   5 ###########################################################################
-   6  
-   7 header('Content-Type: text/html; charset=utf-8');
-   8 header('Cache-Control: no-cache, no-store, must-revalidate');
-   9 header('Pragma: no-cache');
5 ########################################################################### 10 header('Expires: 0');
6   11  
7 require_once('inc/pseudocrypt.php'); 12 require_once('inc/pseudocrypt.php');
Line -... Line 13...
-   13 require_once('inc/functions.php');
-   14 require_once('config.php');
-   15  
-   16 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
-   17 !isset($_POST['action']) or empty($_POST['action']))
-   18 return;
-   19  
-   20 #### Check fingerprint consistency.
-   21 $fingerprint = strtoupper($_POST['fingerprint']);
-   22 if(strlen($fingerprint) !== 32)
-   23 return;
-   24  
-   25 $action = strtoupper($_POST['action']);
-   26  
-   27 #### Data must be sent in order to save a file.
-   28 if($action === 'SAVE' and (!isset($_POST['data']) or empty($_POST['data'])))
-   29 return;
-   30  
-   31 #### Hash fingerprint.
-   32 $file = strtolower(
-   33 PseudoCrypt::hash(
-   34 preg_replace(
-   35 '/\D/',
-   36 '',
-   37 hash(
-   38 'sha512',
-   39 $fingerprint
-   40 )
-   41 )
8 require_once('inc/functions.php'); 42 ).'.html'
9 require_once('config.php'); 43 );
10   44  
11 #### Build the user path. 45 #### Build the user path.
12 $userPath = join( 46 $userPath = join(
13 DIRECTORY_SEPARATOR, 47 DIRECTORY_SEPARATOR,
14 array( 48 array(
15 $STORE_FOLDER, 49 $STORE_FOLDER,
Line 16... Line 50...
16 $SHARED_EDITOR_FILE 50 $file
17 ) 51 )
18 ); 52 );
19   53  
20 #### Check for path traversals 54 #### Check for path traversals
Line 21... Line 55...
21 $pathPart = pathinfo($userPath); 55 $pathPart = pathinfo($userPath);
22 if (strcasecmp( 56 if (strcasecmp(
23 realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) -  
24 return; -  
25   -  
26 switch($_SERVER['REQUEST_METHOD']) { -  
27 case 'POST': 57 realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
28 #### Retrieve uploaded file. 58 return;
29 if(!isset($_POST['data']) or empty($_POST['data'])) 59  
30 return; 60 switch($action) {
31 61 case 'SAVE':
32 #### Store the file. 62 #### Store the file.
33 atomized_put_contents($userPath, $_POST['data']); -  
34 break; -  
35 case 'GET': -  
36 if(!file_exists($userPath)) -  
37 return; 63 atomized_put_contents($userPath, $_POST['data']);
38 header('Content-Type: text/html; charset=utf-8'); 64 break;
39 header('Cache-Control: no-cache, no-store, must-revalidate'); 65 case 'LOAD':