scratch – Diff between revs 49 and 50

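--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,73 +1,73 @@
 <?php
 
 ###########################################################################
 ## Copyright (C) Wizardry and Steamworks 2017 - License: GNU GPLv3 ##
 ###########################################################################
 
 header('Content-Type: text/html; charset=utf-8');
 header('Cache-Control: no-cache, no-store, must-revalidate');
 header('Pragma: no-cache');
 header('Expires: 0');
 
 require_once('inc/pseudocrypt.php');
 require_once('inc/functions.php');
 require_once('config.php');
 
 if(!isset($_POST['fingerprint']) or empty($_POST['fingerprint']) or
 !isset($_POST['action']) or empty($_POST['action']))
 return;
 
 #### Check fingerprint consistency.
 $fingerprint = strtoupper($_POST['fingerprint']);
 if(strlen($fingerprint) !== 32)
 return;
 
 $action = strtoupper($_POST['action']);
 
 #### Data must be sent in order to save a file.
 if($action === 'SAVE' and !isset($_POST['data']))
 return;
 
 #### Hash fingerprint.
 $file = strtolower(
 PseudoCrypt::hash(
 preg_replace(
 '/\D/',
 '',
 hash(
 'sha512',
-$fingerprint,
+$fingerprint
 )
 ),
 $ASSET_HASH_SIZE
 )
 );
 
 #### Build the user path.
 $userPath = join(
 DIRECTORY_SEPARATOR,
 array(
 $STORE_FOLDER,
 $file
 )
 );
 
 #### Check for path traversals
 $pathPart = pathinfo($userPath.'.html');
 if (strcasecmp(
 realpath($pathPart['dirname']), realpath($STORE_FOLDER)) != 0)
 return;
 
 switch($action) {
 case 'SAVE':
 #### Store the file.
 atomized_put_contents($userPath.'.html', $_POST['data']);
 break;
 case 'LOAD':
-if(!file_exists($userPath))
+if(!file_exists($userPath.'.html'))
 return;
 echo atomized_get_contents($userPath.'.html');
 break;
 }
 
 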
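Review bot: The corrected existence check at line 67 still uses `file_exists`, which also succeeds for a directory at that path, so the tighter guard for a file that is about to be read and echoed is `if(!is_file($userPath.'.html'))`. The bare `return` on a miss also answers with an empty `200 text/html` body, indistinguishable from a saved empty document; `http_response_code(404); return;` would let the client tell the two apart. Separately, and unchanged by this revision, the LOAD branch echoes the stored `$_POST['data']` verbatim under the `Content-Type: text/html` header set at line 7, so any caller who presents the 32-character fingerprint gets that markup rendered in this origin — if that is intended, a one-line comment above the `switch` stating it would help the next maintainer, and if not, a restrictive `Content-Security-Policy` header alongside the existing cache headers would limit what the served page can do.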