/file.php |
@@ -17,19 +17,19 @@ |
#### Script restrictions. |
if( |
( |
!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || |
empty($_SERVER['HTTP_X_REQUESTED_WITH']) || |
!isset($_SERVER['HTTP_X_REQUESTED_WITH']) or |
empty($_SERVER['HTTP_X_REQUESTED_WITH']) or |
strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' |
) |
|| |
or |
( |
( |
!isset($_SERVER['HTTP_REFERER']) || |
!isset($_SERVER['HTTP_REFERER']) or |
empty($_SERVER['HTTP_REFERER']) |
) |
&& |
and |
( |
strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') || |
strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or |
strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') |
) |
) |
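Review bot: The referer group on the new side (the `and` joining the isset/empty block with the two `!=` comparisons) still admits a request whose Referer is present but foreign, because `X != FILE.HTML or X != TEXT.HTML` is true for every X and the `and` then reduces the whole group to "Referer missing or empty". The intended rule is presumably `(missing or empty) or (referer != FILE.HTML and referer != TEXT.HTML)`, i.e. change the `and` between the two groups to `or` and the `or` between the two comparisons to `and`; the short-circuit then also stops `strtoupper($_SERVER['HTTP_REFERER'])` from running on an undefined key, which warns on PHP 8. The same shape is in the /text.php hunk at -14,19, where the FILE.HTML comparison is commented out, so a present-but-wrong Referer passes there too. Referer and X-Requested-With are both client-supplied headers, so this block is at best a same-origin hint and deserves a comment saying it is not the access control. The `if` statement's body continues outside the hunk.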
/text.html |
@@ -160,7 +160,7 @@ |
// Set the nick as a cookie. |
const fingerprint = result; |
var nick = Cookies.get('nick'); |
if(!nick || nick.length !== 32) { |
if(!nick || !/^[A-Za-z0-9]{32}$/.test(nick)) { |
Cookies.set('nick', result, { path: '' }); |
nick = result; |
} |
@@ -278,7 +278,7 @@ |
// When the button is clicked, navigate to the fingerprint. |
$('#go').click(() => { |
nick = $('#nick').val(); |
if(!nick || nick.length != 32) |
if(!nick || !/^[A-Za-z0-9]{32}$/.test(nick)) |
return; |
Cookies.set('nick', nick, { path: '' }); |
result = nick; |
@@ -312,7 +312,7 @@ |
e.preventDefault(); |
|
nick = $('#nick').val(); |
if(!nick || nick.length != 32) |
if(!nick || !/^[A-Za-z0-9]{32}$/.test(nick)) |
return; |
Cookies.set('nick', nick, { path: '' }); |
result = nick; |
@@ -344,7 +344,7 @@ |
// While the nick is changing, navigate to the changed fingerprint. |
$("#nick").on('input', () => { |
nick = $('#nick').val(); |
if(!nick || nick.length != 32) |
if(!nick || !/^[A-Za-z0-9]{32}$/.test(nick)) |
return; |
Cookies.set('nick', nick, { path: '' }); |
result = nick; |
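Review bot: The same 32-character alphanumeric test is now written out four times (the `if(!nick || !/^[A-Za-z0-9]{32}$/.test(nick))` lines in the -160, -278, -312 and -344 hunks), so a future change to the nick format has to be made in four places. Hoisting it once, `const NICK_RE = /^[A-Za-z0-9]{32}$/;` and `const isValidNick = (n) => typeof n === 'string' && NICK_RE.test(n);`, and calling `isValidNick(nick)` at each site keeps the four checks in step. This client-side test is only a convenience; the server-side `preg_match` in /text.php is the check that matters, so the two patterns should be kept identical and a comment at the helper should say so. Each of these `if`s sits inside a handler that starts or continues outside its hunk.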
/text.php |
@@ -14,19 +14,19 @@ |
#### Script restrictions. |
if( |
( |
!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || |
empty($_SERVER['HTTP_X_REQUESTED_WITH']) || |
!isset($_SERVER['HTTP_X_REQUESTED_WITH']) or |
empty($_SERVER['HTTP_X_REQUESTED_WITH']) or |
strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST' |
) |
|| |
or |
( |
( |
!isset($_SERVER['HTTP_REFERER']) || |
!isset($_SERVER['HTTP_REFERER']) or |
empty($_SERVER['HTTP_REFERER']) |
) |
&& |
and |
( |
#strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') || |
#strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or |
strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML') |
) |
) |
@@ -36,7 +36,9 @@ |
die('Forbidden.'); |
} |
|
#### Check if the fingerprint and action are set parameters. |
if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
!preg_match('/^[A-Za-z0-9]{32}$/', $_POST['fingerprint']) or |
!isset($_POST['action']) or empty($_POST['action'])) { |
http_response_code(500); |
die('Internal server error.'); |
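Review bot: The new `preg_match` guard in the -36 hunk is handed `$_POST['fingerprint']` directly, and on PHP 8 a non-string value (a request sending `fingerprint[]=...` yields an array that survives both `isset` and `empty`) makes `preg_match` throw a TypeError instead of reaching the `die`; reading the value once with `$fp = $_POST['fingerprint'] ?? null;` and testing `!is_string($fp) || !preg_match('/^[A-Za-z0-9]{32}$/', $fp)` closes that. `$_POST['action']` is only checked with `isset`/`empty` and should get the same `is_string` treatment before it is used. A malformed client parameter is a 400-class condition, so `http_response_code(400)` would describe the rejection better than 500; if the 500 is deliberate so that validation failures look like server faults, a comment stating that intent would help the next reader. The `if` body's closing brace is outside the hunk.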