/file.html
@@ -42,7 +42,7 @@
 
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<h1>Quickload</h1>
<h1>Scratch</h1>
<p>Asset sharing platform.</p>
</div>
@@ -67,13 +67,13 @@
<div class="btn-group" role="group">
<button type="submit" class="btn btn-default start">
<i class="glyphicon glyphicon-upload"></i>
<span>Upload</span>
<span>Upload All</span>
</button>
</div>
<div class="btn-group" role="group">
<button type="reset" class="btn btn-default cancel">
<i class="glyphicon glyphicon-ban-circle"></i>
<span>Cancel</span>
<span>Cancel All</span>
</button>
</div>
</div>
/file.php
@@ -14,13 +14,21 @@
#### Retrieve uploaded file.
if (!empty($_FILES['file']) and
is_uploaded_file($_FILES['file']['tmp_name'])) {
if($_FILES['file']['size'] > $ALLOWED_ASSET_SIZE * 1048576) {
header('File size exceeds '.$ALLOWED_ASSET_SIZE.'MiB.', true, 403);
return;
}
# Regular multipart/form-data upload.
$name = $_FILES['file']['name'];
$data = file_get_contents($_FILES['file']['tmp_name']);
$data = atomized_get_contents($_FILES['file']['tmp_name']);
} else {
if((int)get_file_size("php://input") > $ALLOWED_ASSET_SIZE * 1048576) {
header('File size exceeds '.$ALLOWED_ASSET_SIZE.'MiB.', true, 403);
return;
}
# Raw POST data.
$name = urldecode(@$_SERVER['HTTP_X_FILE_NAME']);
$data = file_get_contents("php://input");
$data = atomized_get_contents("php://input");
}
 
#### Grab the file extension.
@@ -30,7 +38,7 @@
if (!isset($fileExtension) ||
!in_array(strtoupper($fileExtension),
array_map('strtoupper', $ALLOWED_FILE_EXTENSIONS))) {
header("HTTP/1.1 500 Internal Server Error", true, 500);
header('File extension not allowed.', true, 403);
return;
}
@@ -62,6 +70,7 @@
$pathPart = pathinfo($userPath.'.'.$fileExtension);
if (strcasecmp(
realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) {
header('Internal server error.', true, 500);
return;
}
 
@@ -75,7 +84,7 @@
case 'GET':
### If no file has been specified for download then return.
if (!isset($_GET['o']) or empty($_GET['o'])) {
http_response_code(404);
header('File not found.', true, 404);
return;
}
 
@@ -97,7 +106,7 @@
if (!isset($fileExtension) ||
!in_array(strtoupper($fileExtension),
array_map('strtoupper', $ALLOWED_FILE_EXTENSIONS))) {
header("HTTP/1.1 500 Internal Server Error", true, 500);
header('File extension not allowed.', true, 403);
return;
}
@@ -114,6 +123,7 @@
$pathPart = pathinfo($userPath);
if (strcasecmp(
realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) {
header('Internal server error.', true, 500);
return;
}
 
@@ -128,10 +138,9 @@
### Open MIME info database and send the content type.
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if (!$finfo) {
http_response_code(500);
header('Internal server error.', true, 500);
return;
}
header('Content-type: '.finfo_file($finfo, $userPath));
finfo_close($finfo);
break;
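Review bot: `header('File size exceeds '.$ALLOWED_ASSET_SIZE.'MiB.', true, 403);` in the upload hunk passes a bare message as the header line; header()'s first argument is emitted as a raw HTTP header, so a string with no field name and colon is either silently dropped (apache2handler) or sent as a malformed header (CGI/FPM), and only the 403 from the third argument reliably reaches the client. The same pattern appears in this file's later hunks ('File extension not allowed.', 'Internal server error.', 'File not found.'), where the commit also replaces the working `http_response_code(404)` / `http_response_code(500)` calls with it, and in the new guard blocks of text.php. Prefer `http_response_code(403); echo 'File size exceeds '.$ALLOWED_ASSET_SIZE.'MiB.'; return;` (or a named header such as `X-Error-Message: ...` if the text must travel in a header) at each site. Separately, the raw-POST branch checks `get_file_size("php://input")` before reading; if that helper derives its result from the client-declared Content-Length rather than the bytes actually received, the limit is advisory, and reading with an explicit bound (`file_get_contents('php://input', false, null, 0, $limit + 1)` then rejecting anything longer than `$limit`) enforces it regardless of what the client declares.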
/index.html
@@ -40,7 +40,7 @@
 
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<h1>Quickload</h1>
<h1>Scratch</h1>
<p>Asset sharing platform.</p>
</div>
/text.html
@@ -45,7 +45,7 @@
 
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<h1>Quickload</h1>
<h1>Scratch</h1>
<p>Asset sharing platform.</p>
</div>
/text.php
@@ -9,19 +9,25 @@
require_once('config.php');
 
if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
!isset($_POST['action']) or empty($_POST['action']))
return;
!isset($_POST['action']) or empty($_POST['action'])) {
header('Internal server error.', true, 500);
return;
}
 
#### Check fingerprint consistency.
$fingerprint = strtoupper($_POST['fingerprint']);
if(strlen($fingerprint) !== 32)
if(strlen($fingerprint) !== 32) {
header('Internal server error.', true, 500);
return;
}
 
$action = strtoupper($_POST['action']);
 
#### Data must be sent in order to save a file.
if($action === 'SAVE' and !isset($_POST['data']))
if($action === 'SAVE' and !isset($_POST['data'])) {
header('Internal server error.', true, 500);
return;
}
 
#### Hash fingerprint.
$file = strtolower(
@@ -50,8 +56,10 @@
#### Check for path traversals
$pathPart = pathinfo($userPath.'.html');
if (strcasecmp(
realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) {
header('Internal server error.', true, 500);
return;
}
 
switch($action) {
case 'SAVE':
@@ -59,8 +67,10 @@
atomized_put_contents($userPath.'.html', $_POST['data']);
break;
case 'LOAD':
if(!file_exists($userPath.'.html'))
if(!file_exists($userPath.'.html')) {
header('File not found.', true, 404);
return;
}
### Set no-cache
header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-cache, no-store, must-revalidate');
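Review bot: The three new guard blocks in the first hunk answer a missing or malformed POST field (`fingerprint`, `action`, `data`) with `header('Internal server error.', true, 500);`, which reports a client mistake as a server fault and makes genuine failures indistinguishable in logs and monitoring; `http_response_code(400);` at those three sites, keeping 500 only for the realpath mismatch (which, with the fingerprint hashed before use, should never be client-induced), separates the cases. In the LOAD hunk the file written verbatim from `$_POST['data']` by `atomized_put_contents` is answered with `Content-Type: text/html; charset=utf-8`, so if the file body is echoed after these headers (outside this hunk) it is rendered as page content in this site's origin; if that is the intended behaviour, a `Content-Security-Policy: sandbox` header, or serving it as an attachment, confines it. The LOAD case continues past the end of the hunk.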