| /text.php |
|---|
| @@ -9,19 +9,25 @@ |
|---|
| require_once('config.php'); |
| |
| if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
| !isset($_POST['action']) or empty($_POST['action'])) |
| return; |
| !isset($_POST['action']) or empty($_POST['action'])) { |
| header('Internal server error.', true, 500); |
| return; |
| } |
| |
| #### Check fingerprint consistency. |
| $fingerprint = strtoupper($_POST['fingerprint']); |
| if(strlen($fingerprint) !== 32) |
| if(strlen($fingerprint) !== 32) { |
| header('Internal server error.', true, 500); |
| return; |
| } |
| |
| $action = strtoupper($_POST['action']); |
| |
| #### Data must be sent in order to save a file. |
| if($action === 'SAVE' and !isset($_POST['data'])) |
| if($action === 'SAVE' and !isset($_POST['data'])) { |
| header('Internal server error.', true, 500); |
| return; |
| } |
| |
| #### Hash fingerprint. |
| $file = strtolower( |
| @@ -50,8 +56,10 @@ |
|---|
| #### Check for path traversals |
| $pathPart = pathinfo($userPath.'.html'); |
| if (strcasecmp( |
| realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
| realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) { |
| header('Internal server error.', true, 500); |
| return; |
| } |
| |
| switch($action) { |
| case 'SAVE': |
| @@ -59,8 +67,10 @@ |
|---|
| atomized_put_contents($userPath.'.html', $_POST['data']); |
| break; |
| case 'LOAD': |
| if(!file_exists($userPath.'.html')) |
| if(!file_exists($userPath.'.html')) { |
| header('File not found.', true, 404); |
| return; |
| } |
| ### Set no-cache |
| header('Content-Type: text/html; charset=utf-8'); |
| header('Cache-Control: no-cache, no-store, must-revalidate'); |
