scratch
| /text.php |
|---|
| @@ -6,8 +6,11 @@ |
| require_once('php/pseudocrypt.php'); |
| require_once('php/functions.php'); |
| require_once('config.php'); |
| require_once('vendor/mustangostang/spyc/Spyc.php'); |
| ### Load configuration. |
| $config = spyc_load_file('config.yaml'); |
| if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or |
| !isset($_POST['action']) or empty($_POST['action'])) { |
| header('Internal server error.', true, 500); |
| @@ -40,7 +43,7 @@ |
| $fingerprint |
| ) |
| ), |
| $ASSET_HASH_SIZE |
| $config['ASSET_HASH_SIZE'] |
| ) |
| ); |
| @@ -48,7 +51,7 @@ |
| $userPath = join( |
| DIRECTORY_SEPARATOR, |
| array( |
| $STORE_FOLDER, |
| $config['STORE_FOLDER'], |
| $file |
| ) |
| ); |
| @@ -56,7 +59,7 @@ |
| #### Check for path traversals |
| $pathPart = pathinfo($userPath.'.html'); |
| if (strcasecmp( |
| realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) { |
| realpath($pathPart['dirname']), realpath($config['STORE_FOLDER'])) != 0) { |
| header('Internal server error.', true, 500); |
| return; |
| } |