scratch – Diff between revs 93 and 94

Rev 93 Rev 94
Line 12... Line 12...
12 $config = spyc_load_file('config.yaml'); 12 $config = spyc_load_file('config.yaml');
Line 13... Line 13...
13   13  
14 #### Script restrictions. 14 #### Script restrictions.
15 if( 15 if(
16 ( 16 (
17 !isset($_SERVER['HTTP_X_REQUESTED_WITH']) || 17 !isset($_SERVER['HTTP_X_REQUESTED_WITH']) or
18 empty($_SERVER['HTTP_X_REQUESTED_WITH']) || 18 empty($_SERVER['HTTP_X_REQUESTED_WITH']) or
19 strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' 19 strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST'
20 ) 20 )
21 || 21 or
22 ( 22 (
23 ( 23 (
24 !isset($_SERVER['HTTP_REFERER']) || 24 !isset($_SERVER['HTTP_REFERER']) or
25 empty($_SERVER['HTTP_REFERER']) 25 empty($_SERVER['HTTP_REFERER'])
26 ) 26 )
27 && 27 and
28 ( 28 (
29 #strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') || 29 #strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or
30 strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') 30 strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML')
31 ) 31 )
32 ) 32 )
33 ) 33 )
34 { 34 {
35 http_response_code(403); 35 http_response_code(403);
36 die('Forbidden.'); 36 die('Forbidden.');
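Review bot: The Referer clause (new lines 22–32) never compares the header when it is present: `(!isset(...) or empty(...)) and (strtoupper(...) != ...)` can only be true when the Referer is missing, so any non-empty Referer passes. Replacing `||`/`&&` with `or`/`and` does not change this, because the relative precedence is the same and every group is parenthesised. If the intent is to require the TEXT.HTML referer, the joiner on new line 27 should be `or` rather than `and`. Both `X-Requested-With` and `Referer` are supplied by the client, so this block filters casual requests and is not access control; a comment such as `# Client-supplied headers: not an authorization check.` under `#### Script restrictions.` would say so. The block's closing brace falls in the next hunk.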
Line -... Line 37...
-   37 }
37 } 38  
-   39 #### Check if the fingerprint and action are set parameters.
38   40 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
39 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or 41 !preg_match('/^[A-Za-z0-9]{32}$/', $_POST['fingerprint']) or
40 !isset($_POST['action']) or empty($_POST['action'])) { 42 !isset($_POST['action']) or empty($_POST['action'])) {
41 http_response_code(500); 43 http_response_code(500);