scratch

?path1? @ 27  →  ?path2? @ 28
/quickload/config.php.dist
@@ -8,8 +8,10 @@
# uploaded.
$STORE_FOLDER = '/var/www/incoming/';
 
# Set this to the URL path of the folder where the files can be
# retrieved.
# Temporary editor file shared by all clients.
$SHARED_EDITOR_FILE = 'share.html';
 
# Set this to the URL path of the folder where the files can be retrieved.
$URL_PATH = 'http://my.tld/incoming/';
 
# A list of allowed files by extension that the template will accept.
@@ -29,6 +31,8 @@
"BZ2",
"TXT",
"CSV",
"HTML",
"HTM",
"DOC",
"DOCX",
"XLS",
@@ -35,3 +39,4 @@
"MP4",
"MP3"
];
 
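Review bot: If `"HTML"` and `"HTM"` are the two entries added to the allowed-extension list (the rendering does not mark which lines are new), uploaded markup becomes retrievable under `$URL_PATH`, which the comments describe as the web-served folder, so any uploader can publish script-bearing pages on the site's origin. As far as this page shows, the shared editor file is written by store-text.php without consulting this list, so the two entries may not be needed for the editor feature. If they stay, the folder should be served with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. A comment on `$SHARED_EDITOR_FILE` such as `# File name only, no directory parts; it is resolved inside $STORE_FOLDER.` would state the constraint the traversal check in store-text.php depends on.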
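--- a/quickload/store-text.php
+++ b/quickload/store-text.php
@@ -0,0 +1,43 @@
+<?php
+
+###########################################################################
+## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
+###########################################################################
+
+require_once('inc/pseudocrypt.php');
+require_once('inc/functions.php');
+require_once('config.php');
+
+#### Retrieve uploaded file.
+if (!isset($_POST['data']) or empty($_POST['data']) or
+!isset($_POST['action']) or empty($_POST['action']))
+return;
+
+#### Build the user path.
+$userPath = join(
+DIRECTORY_SEPARATOR,
+array(
+$STORE_FOLDER,
+$SHARED_EDITOR_FILE
+)
+);
+
+#### Check for path traversals
+$pathPart = pathinfo($userPath);
+if (strcasecmp(
+realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
+return;
+
+$data = $_POST['data'];
+
+switch(strtoupper($_POST['action'])) {
+case 'SAVE':
+#### Store the file.
+atomized_put_contents($userPath, $data);
+break;
+case 'LOAD':
+header('Content-Type: text/html; charset=utf-8');
+echo atomized_get_contents($userPath, $data);
+break;
+}
+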
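Review bot: The SAVE branch writes `$_POST['data']` to the shared file unfiltered and the LOAD branch echoes it back as `text/html`, with no authentication or request-origin check anywhere in this file, so markup stored by one client is rendered for every other client of the editor. The markup should be sanitised against an allowlist of tags and attributes before `atomized_put_contents`, with a size cap on `$data`. For direct navigation to this endpoint, `header("Content-Security-Policy: sandbox");` and `header('X-Content-Type-Options: nosniff');` before the echo are a useful backstop. The traversal check compares two values that both come from config.php, and if `realpath()` returns `false` on both sides the `strcasecmp` still yields 0, so it should reject `false` explicitly, e.g. `if ($dir === false || $dir !== realpath($STORE_FOLDER)) return;`. The top guard also requires a non-empty `data` for LOAD, where it is only passed as a second argument to `atomized_get_contents`, whose signature is not visible here.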
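--- a/quickload/text.html
+++ b/quickload/text.html
@@ -74,10 +74,11 @@
 }).on("tbwchange", () => {
 $.post("store-text.php",
 {
-text: $('#trumbowyg').trumbowyg('html')
+text: $('#trumbowyg').trumbowyg('html'),
+action: 'save'
 },
 function(data, status){
-alert("Data: " + data + "\nStatus: " + status);
+//alert("Data: " + data + "\nStatus: " + status);
 });
 });
 });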
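Review bot: The POST body still sends the editor content under the key `text`, while the new store-text.php returns early unless `$_POST['data']` is set, so this request never reaches the SAVE branch. The key should be `data: $('#trumbowyg').trumbowyg('html'),`. With the alert commented out the success callback is empty, and because the PHP side returns an empty 200 on rejection, a dropped save is invisible. The callback should at least log `status`, and a `.fail(...)` handler would cover transport errors. Every `tbwchange` event overwrites the one file shared by all clients, so concurrent editors silently replace each other's content, which deserves a comment here. The handler starts above this hunk.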