scratch – Diff between revs 28 and 29
?pathlinks?
| Rev 28 | Rev 29 | |||
|---|---|---|---|---|
| 1 | <?php |
1 | <?php |
|
| 2 | |
2 | |
|
| 3 | ########################################################################### |
3 | ########################################################################### |
|
| 4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
4 | ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ## |
|
| 5 | ########################################################################### |
5 | ########################################################################### |
|
| 6 | |
6 | |
|
| 7 | require_once('inc/pseudocrypt.php'); |
7 | require_once('inc/pseudocrypt.php'); |
|
| 8 | require_once('inc/functions.php'); |
8 | require_once('inc/functions.php'); |
|
| 9 | require_once('config.php'); |
9 | require_once('config.php'); |
|
| 10 | |
- | ||
| 11 | #### Retrieve uploaded file. |
- | ||
| 12 | if (!isset($_POST['data']) or empty($_POST['data']) or |
- | ||
| 13 | !isset($_POST['action']) or empty($_POST['action'])) |
- | ||
| 14 | return; |
- | ||
| 15 | |
10 | |
|
| 16 | #### Build the user path. |
11 | #### Build the user path. |
|
| 17 | $userPath = join( |
12 | $userPath = join( |
|
| 18 | DIRECTORY_SEPARATOR, |
13 | DIRECTORY_SEPARATOR, |
|
| 19 | array( |
14 | array( |
|
| 20 | $STORE_FOLDER, |
15 | $STORE_FOLDER, |
|
| 21 | $SHARED_EDITOR_FILE |
16 | $SHARED_EDITOR_FILE |
|
| 22 | ) |
17 | ) |
|
| 23 | ); |
18 | ); |
|
| 24 | |
19 | |
|
| 25 | #### Check for path traversals |
20 | #### Check for path traversals |
|
| 26 | $pathPart = pathinfo($userPath); |
21 | $pathPart = pathinfo($userPath); |
|
| 27 | if (strcasecmp( |
22 | if (strcasecmp( |
|
| 28 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
23 | realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0) |
|
| 29 | return; |
24 | return; |
|
| - | 25 | |
||
| 30 | |
26 | switch($_SERVER['REQUEST_METHOD']) { |
|
| 31 | $data = $_POST['data']; |
- | ||
| - | 27 | case 'POST': |
||
| 32 | |
28 | #### Retrieve uploaded file. |
|
| 33 | switch(strtoupper($_POST['action'])) { |
29 | if(!isset($_POST['data']) or empty($_POST['data'])) |
|
| - | 30 | return; |
||
| 34 | case 'SAVE': |
31 | |
|
| 35 | #### Store the file. |
32 | #### Store the file. |
|
| 36 | atomized_put_contents($userPath, $data); |
33 | atomized_put_contents($userPath, $_POST['data']); |
|
| 37 | break; |
34 | break; |
|
| - | 35 | case 'GET': |
||
| - | 36 | if(!file_exists($userPath)) |
||
| 38 | case 'LOAD': |
37 | return; |
|
| 39 | header('Content-Type: text/html; charset=utf-8'); |
38 | header('Content-Type: text/html; charset=utf-8'); |
|
| 40 | echo atomized_get_contents($userPath, $data); |
39 | echo atomized_get_contents($userPath); |
|
| 41 | break; |
40 | break; |
|
| 42 | } |
41 | } |
|
| 43 | |
42 | |
|
| 44 | |
43 | |
|