scratch

Subversion Repositories:

 /share-text.php
@@ -0,0 +1,71 @@
+<?php
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3      ##
+###########################################################################
+header('Content-Type: text/html; charset=utf-8');
+header('Cache-Control: no-cache, no-store, must-revalidate');
+header('Pragma: no-cache');
+header('Expires: 0');
+require_once('inc/pseudocrypt.php');
+require_once('inc/functions.php');
+require_once('config.php');
+if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
+    !isset($_POST['action']) or empty($_POST['action']))
+        return;
+#### Check fingerprint consistency.
+$fingerprint = strtoupper($_POST['fingerprint']);
+if(strlen($fingerprint) !== 32)
+    return;
+$action = strtoupper($_POST['action']);
+#### Data must be sent in order to save a file.
+if($action === 'SAVE' and !isset($_POST['data']))
+    return;
+#### Hash fingerprint.
+$file = strtolower(
+    PseudoCrypt::hash(
+        preg_replace(
+            '/\D/',
+            '',
+            hash(
+                'sha512',
+                $fingerprint
+            )
+        )
+    ).'.html'
+);
+#### Build the user path.
+$userPath = join(
+    DIRECTORY_SEPARATOR,
+    array(
+        $STORE_FOLDER,
+        $file
+    )
+);
+#### Check for path traversals
+$pathPart = pathinfo($userPath);
+if (strcasecmp(
+    realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
+    return;
+switch($action) {
+    case 'SAVE':
+        #### Store the file.
+        atomized_put_contents($userPath, $_POST['data']);
+        break;
+    case 'LOAD':
+        if(!file_exists($userPath))
+            return;
+        echo atomized_get_contents($userPath);
+        break;
+}

Compare Path:	Rev
With Path:	Rev