scratch
| /quickload/store-text.php |
|---|
| @@ -0,0 +1,43 @@ |
| <?php |
| ########################################################################### |
| ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
| ########################################################################### |
| require_once('inc/pseudocrypt.php'); |
| require_once('inc/functions.php'); |
| require_once('config.php'); |
| #### Retrieve uploaded file. |
| if (!isset($_POST['data']) or empty($_POST['data']) or |
| !isset($_POST['action']) or empty($_POST['action'])) |
| return; |
| #### Build the user path. |
| $userPath = join( |
| DIRECTORY_SEPARATOR, |
| array( |
| $STORE_FOLDER, |
| $SHARED_EDITOR_FILE |
| ) |
| ); |
| #### Check for path traversals |
| $pathPart = pathinfo($userPath); |
| if (strcasecmp( |
| realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
| return; |
| $data = $_POST['data']; |
| switch(strtoupper($_POST['action'])) { |
| case 'SAVE': |
| #### Store the file. |
| atomized_put_contents($userPath, $data); |
| break; |
| case 'LOAD': |
| header('Content-Type: text/html; charset=utf-8'); |
| echo atomized_get_contents($userPath, $data); |
| break; |
| } |