scratch – Diff between revs 67 and 81
?pathlinks?
| Rev 67 | Rev 81 | |||
|---|---|---|---|---|
| Line 11... | Line 11... | |||
| 11 | ### Load configuration. |
11 | ### Load configuration. |
|
| 12 | $config = spyc_load_file('config.yaml'); |
12 | $config = spyc_load_file('config.yaml'); |
|
| Line 13... | Line 13... | |||
| 13 | |
13 | |
|
| 14 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
14 | if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
|
| 15 | !isset($_POST['action']) or empty($_POST['action'])) { |
15 | !isset($_POST['action']) or empty($_POST['action'])) { |
|
| 16 | header('Internal server error.', true, 500); |
16 | http_response_code(500); |
|
| 17 | return; |
17 | die('Internal server error.'); |
|
| Line 18... | Line 18... | |||
| 18 | } |
18 | } |
|
| 19 | |
19 | |
|
| 20 | #### Check fingerprint consistency. |
20 | #### Check fingerprint consistency. |
|
| 21 | $fingerprint = strtoupper($_POST['fingerprint']); |
21 | $fingerprint = strtoupper($_POST['fingerprint']); |
|
| 22 | if(strlen($fingerprint) !== 32) { |
22 | if(strlen($fingerprint) !== 32) { |
|
| 23 | header('Internal server error.', true, 500); |
23 | http_response_code(500); |
|
| Line 24... | Line 24... | |||
| 24 | return; |
24 | die('Internal server error.'); |
|
| Line 25... | Line 25... | |||
| 25 | } |
25 | } |
|
| 26 | |
26 | |
|
| 27 | $action = strtoupper($_POST['action']); |
27 | $action = strtoupper($_POST['action']); |
|
| 28 | |
28 | |
|
| 29 | #### Data must be sent in order to save a file. |
29 | #### Data must be sent in order to save a file. |
|
| Line 30... | Line 30... | |||
| 30 | if($action === 'SAVE' and !isset($_POST['data'])) { |
30 | if($action === 'SAVE' and !isset($_POST['data'])) { |
|
| 31 | header('Internal server error.', true, 500); |
31 | http_response_code(500); |
|
| 32 | return; |
32 | die('Internal server error.'); |
|
| Line 58... | Line 58... | |||
| 58 | |
58 | |
|
| 59 | #### Check for path traversals |
59 | #### Check for path traversals |
|
| 60 | $pathPart = pathinfo($userPath.'.html'); |
60 | $pathPart = pathinfo($userPath.'.html'); |
|
| 61 | if (strcasecmp( |
61 | if (strcasecmp( |
|
| 62 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
62 | realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
|
| 63 | header('Internal server error.', true, 500); |
63 | http_response_code(500); |
|
| 64 | return; |
64 | die('Internal server error.'); |
|
| Line 65... | Line 65... | |||
| 65 | } |
65 | } |
|
| 66 | |
66 | |
|
| 67 | switch($action) { |
67 | switch($action) { |
|